North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign
Summary
North Korean threat actor UNC1609 is using ClickFix (a social engineering technique in which attackers trick users into running malicious commands) combined with AI-generated videos to target cryptocurrency companies. The attackers impersonate industry contacts via compromised Telegram accounts, conduct fake video meetings, and convince victims to paste commands into their macOS Terminal. Those commands download and execute malware, including multiple undocumented backdoors (WAVESHAPER, HYPERCALL, HIDDENCALL, and others) that steal sensitive data and establish remote access.
Classification
Affected Vendors
Original source: https://www.csoonline.com/article/4130724/north-korean-actors-blend-clickfix-with-new-macos-backdoors-in-crypto-campaign.html
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 95%