Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets.

The campaign relies on social engineering that promises large profits from a supposed Swapzone.io arbitrage exploit, but instead runs malicious code that modifies the swap process directly within the victim’s browser.

It could also be the first known ClickFix attack to use JavaScript to alter a webpage’s functionality for a malicious purpose.

Promoted through Pastebin

In the campaign spotted by BleepingComputer, threat actors are iterating…

Source link

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Promoted through Pastebin

Share this article

More News

2 Predictions for Crypto Treasury Firms in 2026

2 Predictions for Crypto Treasury Firms in 2026

Robinhood’s $221 million crypto revenue drop shows crypto winter isn’t on chain and retail already moved

2 Predictions for Crypto Treasury Firms in 2026