Crypto hackers attempting to use “ClickFix” attacks to steal crypto have now turned to impersonating venture capital firms and hijacking browser extensions in their two most recent attacks.
According to a report by cybersecurity firm Moonlock Lab on Monday, scammers are using fake venture capital firms such as SolidBit, MegaBit and Lumax Capital. The hackers are using the firms to contact users via LinkedIn with partnership offers, then funneling them to fake Zoom and Google Meet links.
When a target clicks the fraudulent link, they are taken to an event page featuring a fake Cloudflare “I’m not a robot” checkbox. Clicking it copies a malicious command to the clipboard and prompts the user to open their computer’s terminal…
