Lazarus Group Uses Fake Job Interviews to Spread ClickFix Malware in Cyberattacks

333/68 Wednesday, September 10, 2025

North Korea’s Lazarus hacking group has been using the ClickFix technique to trick job seekers in the crypto and blockchain sector through fake job interviews. Victims are instructed to copy and paste malware-laden commands into their own systems, enabling the attackers to steal data, siphon funds, and generate revenue to support the North Korean government, including its missile program. The campaign, dubbed “Contagious Interview,” employs a tool called ContagiousDrop, which can automatically install tailored malware for Windows, macOS, or Linux systems.

According to reports from SentinelLABS and Validin, although Lazarus attempted to use public security platforms such as Validin, Maltrail, and VirusTotal to test their own domains and avoid detection, operational security (OPSEC) mistakes led to exposure of files and directories. This allowed researchers to reconstruct the group’s attack timeline and methodologies.

Investigators also discovered attacker server logs containing detailed victim information, including names, emails, phone numbers, and IP addresses, suggesting that Lazarus is building a victim database. Most affected individuals worked in marketing and finance roles within the crypto sector, lured by fake job offers from well-known companies such as Robinhood and eToro. Researchers warn that the human factor remains the most critical defense, urging job seekers to exercise heightened caution when faced with job offers or tests that appear suspicious or too good to be true.

Source: https://hackread.com/lazarus-group-malware-clickfix-scam-fake-job-interview/