CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • DeFi & NFT
  • Buy
  • Language
    • Spanish
    • Turkish
    • German
    • Bulgarian
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • DeFi & NFT News
  • Bitcoin Price Analysis
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • CryptoPotato Spanish
  • CryptoPotato Turkey
  • CryptoPotato Germany
  • CryptoPotato Bulgaria
  • Market Updates
  • BTC Analysis
  • ETH Analysis
  • XRP Analysis
  • Interviews
CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • DeFi & NFT
  • Buy
  • Language
    • Spanish
    • Turkish
    • German
    • Bulgarian
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • DeFi & NFT News
  • Bitcoin Price Analysis
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • CryptoPotato Spanish
  • CryptoPotato Turkey
  • CryptoPotato Germany
  • CryptoPotato Bulgaria
Home » Crypto News » Lazarus Group Evolves Tactics to Target CeFi Job Seekers with ‘ClickFix’ Malware

Lazarus Group Evolves Tactics to Target CeFi Job Seekers with ‘ClickFix’ Malware

Author: Chayanika Deka

Last Updated Apr 5, 2025 @ 10:24

Here’s the latest threats coming from the notorious hacking group.

Getting your audio player ready...

A recent cybersecurity report by Sekoia revealed an evolving threat posed by the Lazarus Group, the notorious North Korea-linked hacking group. It is now leveraging a tactic known as “ClickFix” to target job seekers in the cryptocurrency sector, particularly within centralized finance (CeFi).

This approach marks an adaptation of the group’s earlier “Contagious Interview” campaign, which was previously aimed at developers and engineers in artificial intelligence and crypto-related roles.

Lazarus Exploits Crypto Hiring

In the newly observed campaign, Lazarus has shifted its focus to non-technical professionals, such as marketing and business development personnel, by impersonating major crypto firms like Coinbase, KuCoin, Kraken, and even stablecoin issuer Tether.

The attackers build fraudulent websites mimicking job application portals and lure candidates with fake interview invitations. These sites often include realistic application forms and even requests for video introductions, fostering a sense of legitimacy.

However, when a user attempts to record a video, they are shown a fabricated error message, which typically suggests a webcam or driver malfunction. The page then prompts the user to run PowerShell commands under the guise of troubleshooting, thereby triggering the malware download.

This ClickFix method, though relatively new, is becoming more prevalent due to its psychological simplicity – since users believe they are resolving a technical issue, and not executing malicious code. According to Sekoia, the campaign draws on materials from 184 fake interview invitations, referencing at least 14 prominent companies to bolster credibility.

As such, the latest tactic demonstrates Lazarus’s growing sophistication in social engineering and its ability to exploit the professional aspirations of individuals in the competitive crypto job market. Interestingly, this shift also suggests that the group is expanding its targeting criteria by aiming not just at those with access to code or infrastructure but also at those who might handle sensitive internal data or be in a position to facilitate breaches inadvertently.

Despite the emergence of ClickFix, Sekoia reported that the original Contagious Interview campaign remains active. This parallel deployment of strategies suggests that North Korea’s state-sponsored collective may be testing their relative effectiveness or tailoring tactics to different target demographics. In both cases, the campaigns share a consistent goal – delivering info-stealing malware through trusted channels and manipulating victims into self-infection.

Lazarus Behind Bybit Hack

The Federal Bureau of Investigation (FBI) officially attributed the $1.5 billion attack on Bybit to the Lazarus Group. Hackers targeting the crypto exchange employed fake job offers to trick staff into installing tainted trading software known as “TraderTraitor.”

Although crafted to look authentic through cross-platform JavaScript and Node.js development, the applications embedded malware designed to steal private keys and execute illicit transactions on the blockchain.

SPECIAL OFFER (Sponsored)
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).

LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!

Tags: Hacks Lazarus Group
Enjoy reading? Share with your friends
Facebook Twitter LinkedIn Telegram

About The Author

Chayanika Deka
More posts by this author

Chayanika has been working as a financial journalist for six years. A graduate in Political Science and Journalism, her interest lies in regulatory implications with a focus on technological evolution in the crypto realm. Contact:Linkedin

Join Our Community

FacebookX YouTubeTelegram


Editorials
5 Best Meme Coin Presales to Watch in May 2025

5 Best Meme Coin Presales to Watch in May 2025

Toobit Review 2025: Is Toobit a Safe Crypto Exchange?

Toobit Review 2025: Is Toobit a Safe Crypto Exchange?

Hyperliquid Bridge: How to Bridge USDC to Hyperliquid

Hyperliquid Bridge: How to Bridge USDC to Hyperliquid

11 Best Crypto Presales to Consider in May 2025

11 Best Crypto Presales to Consider in May 2025

Need for Speed – Only Ultra-Fast Blockchains Will Win the Adoption Race (Opinion)

Need for Speed – Only Ultra-Fast Blockchains Will Win the Adoption Race (Opinion)

The 5 Best Bitcoin Mining Pools in 2025: Complete Guide

The 5 Best Bitcoin Mining Pools in 2025: Complete Guide

The 5 Best Crypto Staking Platforms in 2025: Everything You Need to Know

The 5 Best Crypto Staking Platforms in 2025: Everything You Need to Know

Join Our Newsletter
Become a CryptoPotato VIP
One Weekly Email Can Change Your Crypto Life.
Sign-up FREE to receive our extended weekly market update and coin analysis report
We NEVER send spam. You can unsubscribe at any time.
Invalid email address
Thanks for subscribing!
Footer Logo
About
Advertise on CryptoPotato
About Us | Contact Us | Careers
Editorial Policy
Terms of service | Privacy Policy | GDPR
More Sections
IEO List | Evaluations
Airdrops
Scholarship
Disclaimer
Disclaimer: Information found on CryptoPotato is those of writers quoted. It does not represent the opinions of CryptoPotato on whether to buy, sell, or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk. Full disclaimer
© Copyright CryptoPotato 2016 - 2025
Scroll to top
One Daily Email Can Change Your Crypto Life.

Sign-up FREE to receive our extended daily market update and coin analysis report

We never send SPAM. You can unsubscribe at any moment
Invalid email address
Thanks for subscribing!