Posts

Showing posts with the label #CyberDudeBivash #ClickFix #BeaverTail #DPRK #Lazarus #Kimsuky #SocialEngineering #CryptoSecurity #DevSecOps #Phishing #SupplyChain

The “ClickFix” Method: How DPRK Hackers Use a Clever Trick to Deploy BeaverTail Malware — By CyberDudeBivash

Executive Snapshot

What’s new: North Korea–aligned actors are using a “ClickFix” social-engineering pattern that tricks victims into running the malware install themselves, often by pasting a “fix” into system dialogs, bypassing many automated defenses. Microsoft, Proofpoint and others have documented the technique’s rise, including use by state groups (not just criminals).

Payload of choice: Multiple 2024–2025 reports tie BeaverTail (a DPRK-linked infostealer/loader family) to job-interview and crypto-sector lures; 2025 campaigns expanded delivery paths (e.g., open-source packages) and now pair with ClickFix landing pages.

Who’s being targeted: Job seekers (fake recruiters), crypto and retail roles, and developer communities via poisoned packages, aligned with DPRK financial objectives.

Defender move: Block the social-engineering step (us...