Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets.

The campaign relies on social engineering that promises large profits from a supposed Swapzone.io arbitrage exploit, but instead runs malicious code that modifies the swap process directly within the victim’s browser.

It could also be the first known ClickFix attack to use JavaScript to alter a webpage’s functionality for a malicious purpose.

Promoted through Pastebin

In the campaign spotted by BleepingComputer, threat actors are iterating…