Hackers use "ClickFix" technology to impersonate VC and hijack QuickLens extensions, stealing cryptocurrencies.

Techub News reports that hackers are stealing cryptocurrencies through the “ClickFix” attack method. Recent cases include impersonating venture capital firms and hijacking browser extensions. Moonlock Lab revealed that scammers are pretending to be fake VCs like SolidBit, MegaBit, Lumax Capital, etc., contacting users via LinkedIn to offer collaboration opportunities, then guiding them to click on fake Zoom or Google Meet links. After users enter the page, they encounter a fake Cloudflare “I’m not a robot” verification box; clicking it maliciously copies commands to the clipboard and tricks users into opening a terminal to paste and execute, completing the attack. This method bypasses traditional security defenses, prompting victims to actively execute malicious payloads. Additionally, hackers hijacked the Chrome extension QuickLens (about 7,000 users), embedding malicious scripts in the new version to search for cryptocurrency wallets, seed phrases, Gmail inboxes, YouTube data, and login credentials/payment information from forms. The extension has been removed from the Chrome Web Store. ClickFix has been popular since last year, affecting thousands of businesses worldwide across multiple industries.