‘ClickFix’ hackers pose as VCs, hijack QuickLens in latest crypto attacks
The ClickFix technique gained popularity among crypto hackers last year, but security researchers have been tracking it since 2024, with targets spanning several industries.
Crypto hackers attempting to use “ClickFix” attacks to steal crypto have now turned to impersonating venture capital firms and hijacking browser extensions in their two most recent attacks.
According to a report by cybersecurity firm Moonlock Lab on Monday, scammers are using fake venture capital firms such as SolidBit, MegaBit and Lumax Capital. The hackers are using the firms to contact users via LinkedIn with partnership offers, then funneling them to fake Zoom and Google Meet links.
When a target clicks the fraudulent link, they are taken to an event page featuring a fake Cloudflare “I’m not a robot” checkbox. Clicking it copies a malicious command to the clipboard, prompting the user to open their computer’s terminal and paste the so-called verification code, which then executes the attack.
Read more
