North Korean Hackers Goal Job Seekers With ClickFix Assaults

North Korean hackers behind the “Contagious Interview” marketing campaign are utilizing the ClickFix social engineering tactic to focus on job seekers with phony employment affords, in keeping with researchers at SentinelOne.

“ClickFix usually proceeds as follows,” the researchers clarify. “A focused job seeker receives an invite to take part in a job software course of, directing them to a lure web site the place they’re prompted to finish a talent evaluation.

“In the course of the evaluation, the applicant encounters a fabricated error message, akin to a digicam entry difficulty. They’re then instructed to repeat and paste command strains, typically involving utilities like curl, to obtain and execute a supposed replace from a separate malware distribution server, unknowingly deploying malware within the course of.”

The attackers are primarily concentrating on advertising and marketing and finance staff at cryptocurrency firms, utilizing “lures involving numerous job positions, akin to Portfolio Supervisor, Funding Supervisor, and Senior Product Supervisor, throughout a variety of impersonated firms together with Archblock, Robinhood, and eToro.”

The attackers incessantly rotate their infrastructure to remain forward of defenders, establishing new domains to keep away from detection.

“Given the continual success of the marketing campaign in participating job candidates, the risk actors could also be prioritizing sustaining operational readiness and assembly their aims by quickly deploying new property to switch disrupted infrastructure, reasonably than endeavor large-scale focused modifications,” the researchers write. “We noticed a excessive price of latest infrastructure deployment by the Contagious Interview risk actors alongside losses of current infrastructure because of actions by service suppliers, which helps this evaluation.”

The researchers conclude, “[A] essential component in mitigating this risk is the human issue. It will be important that job seekers, significantly these throughout the cryptocurrency sector, train heightened vigilance when participating with employment affords and related assessments.”

KnowBe4 empowers your workforce to make smarter safety selections every single day. Over 70,000 organizations worldwide belief the  KnowBe4 HRM+ platform to strengthen their safety tradition and cut back human threat.

SentinelOne has the story.