North Korea's Lazarus Group is running a ClickFix campaign against macOS users in FinTech, crypto, and leadership roles. Attackers reach targets via Telegram — often through a compromised contact's account — with fake Zoom or Google Meet invites. Once on the call, victims are told to run a command to fix connection issues, unknowingly installing malware called macrasv2, which steals credentials, browser sessions, and macOS Keychain data before self-deleting. Security firm Any.Run flagged the campaign on April 21. The fix? Train employees to never run commands to solve connectivity problems — especially on Macs.
Source: Dark Reading