PANews|Mar 03, 2026 05:31
Hackers impersonate VC and hijack QuickLens plugin, using ClickFix technology to steal encrypted assets
According to Cointelegraph, hackers are using the "ClickFix" attack technique to steal cryptocurrency, with the latest two attacks involving impersonating venture capital firms and hijacking browser extensions. The cybersecurity company Moonlock Lab reported that scammers impersonated fake VCs such as SolidBit, MegaBit, and Lumax Capital, contacted users through LinkedIn to offer collaboration opportunities, and then guided them to click on fake Zoom and Google Meet links. After clicking on the link, the user will be directed to a page with a forged Cloudflare "I am not a robot" verification box. Clicking on the box will copy malicious commands to the clipboard and prompt the user to open the terminal to paste the so-called verification code, thereby executing the attack. Moonlock Lab pointed out that this technique makes the victim an execution mechanism, bypassing the defense measures of the security industry.
At the same time, hackers also spread malicious software by hijacking the Chrome extension QuickLens. This extension allows users to run Google Lens searches directly in their browser. After ownership is transferred, the new version contains malicious scripts that can launch ClickFix attacks and steal information. The extension has approximately 7000 users and will search encrypted wallet data and mnemonic words to steal funds after being hijacked. It will also crawl Gmail inbox content, YouTube channel data, and login credentials or payment information entered into web forms. The extension has been removed from the Chrome Web Store. ClickFix technology has been popular among hackers since last year, forcing victims to manually execute malicious payloads and affecting thousands of businesses and multiple industries worldwide.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink