Intrusions involving the ClickFix technique have been deployed by North Korean hacking collective Lazarus Group against individuals looking to secure jobs in the cryptocurrency sector, especially in centralized finance, as part of an attack campaign that commenced last month, BleepingComputer reports.
Popular cryptocurrency firms, including Coinbase, Archblock, KuCoin Exchange, and Bybit, have been spoofed by Lazarus Group in remote job interview invitations redirecting to a convincing ReactJS-based website that triggers a fake driver issue allegedly hindering camera access once video recording is attempted, according to a Sekoia analysis. Such a warning is accompanied by instructions ordering targets to execute a curl command in either CMD or Terminal depending on their devices' operating system that would then be followed by compromise with the Go-based GolangGhost backdoor. Aside from executing file operations and shell commands, GolangGhost also enables the exfiltration of browsing history, cookies, and stored passwords, as well as system metadata, said Sekoia researchers, who urged increased vigilance to mitigate risks associated with the attack that has been ongoing alongside Lazarus' earlier Contagious Interview campaign.
Coverage from Tech Radar indicates that a sophisticated phishing-as-a-service platform, known as Kali365, Octopi365, and Freedom365, is actively targeting Microsoft accounts.
Check Point Research reported that in May 2026, the hospitality, travel, and recreation sector faced an average of 2,291 weekly cyberattacks per organization, a 24% increase from the previous month and more than double the volume seen in May 2023.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
