ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers

A new cyber campaign using fake job interviews to target cryptocurrency professionals has been uncovered by security researchers.
The operation, dubbed “ClickFake Interview,” was attributed to the North Korean Lazarus Group and involves social engineering tactics to distribute malicious software.
According to a report published by Sekoia today, the attack chain begins with fraudulent job postings on platforms like LinkedIn or X (formerly Twitter).
Threat actors posing as recruiters contact professionals in the cryptocurrency sector, inviting them to interviews. During the process, victims are tricked into opening malicious documents or clicking on compromised links, ultimately leading to malware infection.
The malware, identified as “ClickFix,” enables remote access to the victim’s system, allowing Lazarus to steal sensitive data, including cryptocurrency wallet credentials. The campaign is a continuation of the group’s long-running strategy of targeting financial institutions and cryptocurrency entities to fund the North Korean regime.
Sekoia highlighted that Lazarus has adapted its techniques over time, incorporating sophisticated deception strategies.
In this campaign, the group used genuine-looking documents and engaged in full-fledged interview conversations mimicking legitimate hiring processes to enhance credibility.
Once the malicious tool is installed, attackers can execute arbitrary commands, exfiltrate data and maintain persistent access to compromised systems.
Protecting Against ClickFake Attacks
Indicators of compromise (IOCs) linked to ClickFake include specific domains, hashes and malware signatures.
“A particular element of ClickFake Interview is that fake job offers are designed to attract profiles different from software developers and engineers,” Sekoia warned.
“This may reflect a new Lazarus strategy targeting cryptocurrency industry employees with limited technical expertise, making them less likely to detect the malicious curl command during the interview.”
Lazarus Group has been associated with several high-profile cyber heists, including the $620m Ronin Network breach.
Sekoia emphasized the importance of awareness, advanced threat detection and multi-layered security measures to mitigate risks.
To avoid falling victim to such scams, professionals should verify recruiter identities through official company websites, avoid downloading files or clicking links from unknown sources and use endpoint protection solutions to detect malicious activity.