Cybercriminals are expanding the use of the “ClickFix” social engineering tactic, now posing as venture capital firms to target crypto users and startups. According to researchers at Moonlock Lab, attackers have created fraudulent investment entities such as SolidBit, MegaBit and Lumax Capital to lure victims through professional networking platforms.
In these campaigns, targets receive partnership offers and are directed to counterfeit video conference links. Victims are then prompted to complete a fake verification step resembling a Cloudflare security check. Clicking the prompt silently copies a malicious command, which users are instructed to paste into their system terminal. By convincing victims to execute the code themselves, attackers bypass traditional antivirus and download-based security protections.
Two X users have also reported suspicious conversations with a Hureiev account;
Researchers say the infrastructure behind the scheme is designed to rotate identities quickly once exposure occurs, making enforcement and takedowns more difficult.
QuickLens Chrome Extension Compromised to Steal Wallet Data
In a separate but related development, the Google Chrome extension QuickLens was removed from the Web Store after being hijacked to distribute ClickFix malware. Security firm Annex Security reported that the extension changed ownership earlier this year, after which a malicious update was pushed to roughly 7,000 users.
The compromised extension allegedly searched for crypto wallet credentials, seed phrases, and other sensitive data, highlighting the growing sophistication of crypto focused phishing operations.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.