216.73.217.139

Traps Beneath Fault Repair: Analysis of Recent Attacks Using ClickFix Technique

· Published 01/09/2025 09:56 · Modified 01/09/2025 10:30

Export JSON

Essential information

Published
01/09/2025 09:56
Modified
01/09/2025 10:30
Tags
2025-09-01 apt-q-1 beavertail clickfix invisibleferret macos node.js phishing social engineering windows
Related entities
18 observables, 1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 2 others

Description

Lazarus, an APT group with suspected East Asian origins, has recently employed the technique in their attacks. The group, known for targeting financial institutions and cryptocurrency exchanges, now uses fake job opportunities to lure victims to interview websites. These sites prompt users to 'fix' non-existent camera issues, tricking them into downloading malware disguised as Nvidia software updates. The malware deploys a environment and executes , a common Lazarus tool. On 11 systems, an additional backdoor (drvUpdate.exe) is installed. The attack also affects users. The malware establishes persistence and connects to command and control servers for further instructions and data exfiltration.

External references