The North Korean Lazarus Group has employed the ClickFix social engineering strategy to target individuals seeking jobs in the cryptocurrency sector. This campaign, dubbed ClickFake Interview, utilizes fake job postings from well-known companies such as Coinbase and Kraken to lure potential victims. It delivers a previously undocumented Go-based backdoor, GolangGhost, that affects both Windows and macOS systems. The campaign represents a shift as it targets centralized finance entities, contrasting previous efforts aimed at decentralized finance (DeFi) organizations. Despite being noted since December 2022, it gained public awareness only in late 2023.
The North Korean Lazarus Group has adopted a new social engineering tactic called ClickFix to target job seekers in the cryptocurrency arena, deploying malware through fake job offers.
The campaign known as ClickFake Interview lures candidates using impersonation of major crypto companies and employs malware disguised as legitimate videoconferencing software.
Collection
[
|
...
]