From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
ID: caf3ab74-0f21-5b04-b5db-f35a67c6faa8
STIX ID: report--caf3ab74-0f21-5b04-b5db-f35a67c6faa8
Feed Name: Sekoia.io Blog
Date Published: 2025-03-31
Date Updated: 2026-04-29
Author: Amaury G., Coline Chavane, Felix Aimé and Sekoia TDR
Sekoia documents a Lazarus-run campaign called "ClickFake Interview" that lures cryptocurrency job seekers to ReactJS-based fake interview sites and uses a ClickFix prompt to persuade victims to run OS-specific commands. The campaign ultimately installs a Go-based interpreted backdoor (GolangGhost) on Windows/macOS and a macOS stealer (FrostyFerret) to exfiltrate credentials and browser data. The report includes IoCs (domains, C2 IPs, file hashes), YARA rules, and detection/hunting guidance, and links the activity to the broader Contagious Interview operations targeting CeFi firms.
