Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    • Blog
      • /
    • Malware
      • /
    • North Korean Hackers Target Job Seekers With ClickFix Attacks

    North Korean Hackers Target Job Seekers With ClickFix Attacks

    KnowBe4 Team | Sep 18, 2025

    iStock-1144604134 (1)North Korean hackers behind the “Contagious Interview” campaign are using the ClickFix social engineering tactic to target job seekers with phony employment offers, according to researchers at SentinelOne.

    “ClickFix typically proceeds as follows,” the researchers explain. “A targeted job seeker receives an invitation to participate in a job application process, directing them to a lure website where they are prompted to complete a skill assessment.

    “During the assessment, the applicant encounters a fabricated error message, such as a camera access issue. They are then instructed to copy and paste command lines, often involving utilities like curl, to download and execute a supposed update from a separate malware distribution server, unknowingly deploying malware in the process.”

    The attackers are primarily targeting marketing and finance employees at cryptocurrency companies, using “lures involving various job positions, such as Portfolio Manager, Investment Manager, and Senior Product Manager, across a range of impersonated companies including Archblock, Robinhood, and eToro.”

    The attackers frequently rotate their infrastructure to stay ahead of defenders, setting up new domains to avoid detection.

    “Given the continuous success of the campaign in engaging job applicants, the threat actors may be prioritizing maintaining operational readiness and meeting their objectives by rapidly deploying new assets to replace disrupted infrastructure, rather than undertaking large-scale targeted changes,” the researchers write. “We observed a high rate of new infrastructure deployment by the Contagious Interview threat actors alongside losses of existing infrastructure due to actions by service providers, which supports this assessment.”

    The researchers conclude, “[A] critical element in mitigating this threat is the human factor. It is important that job seekers, particularly those within the cryptocurrency sector, exercise heightened vigilance when engaging with employment offers and associated assessments.”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the  KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

    SentinelOne has the story.

    Topics: Malware Human Risk Management

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk and agent security best practices, compliance strategies and industry research to help organizations strengthen their digital defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog

    Posts By Topic

    View All