Just saw a report about the escalating ClickFix attack, which is concerning for anyone holding digital assets.

According to Moonlock Lab, hackers have adopted a new strategy by impersonating well-known fake investment companies such as SolidBit, MegaBit, or Lumax Capital, then sending invitations via LinkedIn to victims. When victims click on the fake Zoom or Google Meet links, they encounter a webpage with a fake Cloudflare CAPTCHA button that looks very real.

The worst trick is that when clicking that button, the system copies malicious commands to the clipboard and tricks victims into pasting and executing the commands in the terminal. Hackers use this method because it bypasses traditional security mechanisms. The victim is the one executing the commands, making detection much harder.

Another concerning issue is that John Tuckner from Annex Security revealed that the Chrome extension called QuickLens was hijacked after a brief period of ownership change. This extension has about 7,000 users, and after two weeks, a new version containing malicious scripts was released, linked to the ClickFix attack.

What can the hijacked extension do? It can scan digital wallet data, extract recovery information, and also access Gmail emails, YouTube data, and login credentials on various websites. The extension has been removed from the store, but anyone who installed it earlier must delete it immediately.

The key point to remember is not to click on links from unknown sources and not to trust invitations from investment companies that haven't contacted you before. Even if they look official, links sent via LinkedIn should be carefully verified, as many people have already fallen for this trick.