From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Lazarus, a North Korean state-sponsored threat actor, has launched a new campaign called ClickFake Interview targeting cryptocurrency job seekers. This campaign, an evolution of the previously documented Contagious Interview, uses fake job interview websites to deploy the GolangGhost backdoor on Windows and macOS systems. The infection chain leverages the ClickFix tactic, downloading and executing malicious payloads during the interview process. The campaign primarily targets centralized finance (CeFi) entities, aligning with Lazarus' focus on cryptocurrency-related targets. Notable changes include targeting non-technical roles and using ReactJS-based websites for the fake interviews. The malware provides remote control and data theft capabilities, including browser information exfiltration.
OPENCTI LABELS :
backdoor,north korea,cryptocurrency,clickfix,golangghost,frostyferret,job interviews,cefi
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic