ChainCatcher report, according to Cointelegraph, hackers are exploiting the "ClickFix" attack method to steal cryptocurrencies, with the latest two incidents involving impersonation of venture capital firms and hijacking browser extensions. Cybersecurity firm Moonlock Lab reported that scammers impersonate fake VCs such as SolidBit, MegaBit, and Lumax Capital, contacting users via LinkedIn with offers of collaboration, then directing them to click fraudulent Zoom and Google Meet links. After clicking the links, users are redirected to pages featuring a forged Cloudflare "I'm not a robot" verification box; clicking this box copies malicious commands to the clipboard and prompts users to open a terminal to paste the so-called verification code, thereby executing the attack. Moonlock Lab noted that this technique turns victims into execution agents, bypassing traditional security defenses. Meanwhile, hackers are also distributing malware by hijacking the Chrome extension QuickLens. This extension allows users to run Google Lens searches directly within their browser; after its ownership was transferred, the updated version included malicious scripts capable of launching ClickFix attacks and stealing data. With approximately 7,000 users, the compromised extension searches for cryptocurrency wallet data and seed phrases to steal funds, while also harvesting Gmail inbox content, YouTube channel data, and login credentials or payment information entered into web forms. The extension has since been removed from the Chrome Web Store. The ClickFix technique has gained popularity among hackers since last year, forcing victims to manually execute malicious payloads and affecting thousands of businesses across multiple industries globally.
Hackers impersonate VCs and hijack the QuickLens plugin to steal crypto using the ClickFix technique
ChaincatcherShare
Cryptocurrency news reports that hackers are using the 'ClickFix' attack method to steal digital assets. Attackers impersonated VCs such as SolidBit and Lumax Capital on LinkedIn, luring victims to fake Zoom and Google Meet links. These pages employed Cloudflare-style verification boxes to copy malicious commands to the clipboard. The Chrome extension QuickLens was also compromised to steal wallet data, mnemonics, and login credentials before being removed from the Chrome Web Store. The ClickFix technique has affected thousands of businesses worldwide, underscoring the need for stronger cryptocurrency regulations and greater user vigilance.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.