Hackers Exploit ClickFix Attacks Through Fake VC Profiles and Chrome Extension

According to Moonlock Lab, scammers posing as venture firms such as SolidBit used LinkedIn outreach and fake meeting links to deploy a ClickFix variant and abuse the QuickLens Chrome extension, impacting thousands of devices globally since 2024.

43d ago

Summary

Moonlock Lab reported an expanded ClickFix attack campaign in which scammers impersonate venture capital firms, including SolidBit, to target crypto users through LinkedIn and fraudulent meeting links. Victims are lured into executing malicious code, while attackers also exploit the Chrome extension QuickLens to steal cryptocurrency wallet data. The firm stated that the campaign has affected thousands of devices worldwide since 2024, underscoring the scale and persistence of the operation.

Terms & Concepts

ClickFix attack: A phishing-based technique that tricks users into executing malicious code or interacting with infected links to compromise systems or steal data.
Chrome extension: A browser add-on that enhances functionality but can be exploited or hijacked to access sensitive user data such as crypto wallets and emails.
QuickLens: A Chrome browser extension reportedly hijacked by attackers to extract cryptocurrency wallet credentials and other sensitive user information.