Moonlock Lab: ClickFix Campaigns Leverage Fake VCs and Extension Hijack
Context and chronology
Moonlock Lab has published a report describing a coordinated campaign that fuses professional impersonation with browser‑extension abuse to harvest credentials and implant remote access tooling. Targets are recruited through plausible venture‑style outreach — using made‑up brands such as SolidBit and MegaBit and accounts linked to a contact named Mykhailo Hureiev — and redirected to convincing conferencing pages that stage a clipboard payload and instruct the user to paste it into a local prompt. That human‑mediated paste‑to‑shell step is the operational pivot that converts social trust into code execution.
Extension delivery and observed payloads
In a separate investigation, Annex Security traced the popular Chrome add‑on QuickLens, which appears to have changed ownership and later published an update containing data‑harvesting scripts; John Tuckner estimated roughly 7,000 installs of the malicious build. Independent technical reviews of related ClickFix variants show operators also distributing add‑ons that intentionally exhaust browser resources (for example, by spinning up massive runtime connections) to provoke hangs and then present a fabricated "repair" flow that nudges users to paste prepared clipboard contents. In at least one analyst write‑up the delivered implant was a Python remote‑access trojan (reported as ModeloRAT) that performs reconnaissance, persists and supports encrypted remote control; telemetry indicates operators selectively serve that payload to domain‑joined systems, signaling an enterprise focus.
Tactics, timing and operator tradecraft
Across observed waves the chain often includes a deliberate post‑install delay and a repeating denial‑of‑service or crash cadence designed to make the bogus repair instruction appear credible. Analysts tracking the activity have linked parts of the operational footprint to an actor alias tracked as KongTuke in 2025 telemetry, although naming and high‑confidence attribution remain contested across disclosures. Other supply‑chain abuse incidents during the same period (for example, poisoned VS Code packages that fetched operator instructions via Solana memos) show the same strategic aim — decoupling command signaling from conventional network indicators and weaponizing trusted update channels — even when the technical details differ.
Implications for defenders
The campaign exposes three persistent gaps: trust in professional outreach, weak post‑publication vetting and monitoring of extension updates, and limited visibility into user‑initiated execution via clipboard/paste workflows. Defenders should prioritize restricting extension installation on managed devices, tightening developer‑account controls and publishing tokens, rotating compromised signing credentials, and adding telemetry for clipboard access, unexpected process starts and post‑install timing anomalies. For developer and CI/CD environments, the parallel VS Code compromises underscore the need to rotate exposed secrets and validate build artifacts; blockchain‑based signaling techniques (used to hide operator I/O) require defenders to rely more on host‑level indicators than on single network IOCs.
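To make the telemetry recommendation concrete, the following is an added example of the kind of hunt a defender can run over process‑creation events to surface the paste‑to‑shell step and tie it to the preceding browser‑crash cadence. It is not code from Moonlock Lab, Annex Security or any vendor named above. It assumes Sysmon‑style fields (time, host, parent image, image, command line) plus a separate stream of browser‑crash events; the interpreter list, the command‑line cues, the 15‑minute look‑back window, the host names and every event below are constructed for the example.

```python
"""Hunt for ClickFix-style paste-to-shell executions in process-creation telemetry.

Added example, not the report's or any vendor's code. Events are constructed,
Sysmon-like records; the browser-crash stream is constructed as well.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Interpreters commonly launched from a pasted Run-dialog / terminal line (assumed list).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}
# Parents that indicate a user-driven launch (Run dialog, terminal) or a browser (assumed list).
USER_LAUNCH_PARENTS = {"explorer.exe", "windowsterminal.exe", "chrome.exe",
                       "msedge.exe", "firefox.exe"}
# Command-line cues typical of pasted one-liners: hidden window, encoded payload,
# remote fetch, policy bypass. Heuristics only, not an exhaustive list.
CUES = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "remote_fetch": re.compile(r"https?://|\biwr\b|invoke-webrequest|downloadstring", re.I),
    "bypass_policy": re.compile(r"-ep\s+bypass|executionpolicy\s+bypass", re.I),
}


@dataclass
class ProcEvent:
    ts: datetime
    host: str
    parent_image: str
    image: str
    cmdline: str


@dataclass
class Finding:
    ts: datetime
    host: str
    cues: list[str]
    crashes_before: int   # browser-crash events seen in the look-back window
    severity: str


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcEvent) -> list[str]:
    """Return the cue names that make this process start look like a pasted
    one-liner; an empty list means the event is not interesting."""
    if _basename(ev.image) not in INTERPRETERS:
        return []
    if _basename(ev.parent_image) not in USER_LAUNCH_PARENTS:
        return []
    return [name for name, rx in CUES.items() if rx.search(ev.cmdline)]


def hunt(events, crashes, lookback=timedelta(minutes=15)) -> list[Finding]:
    """Flag suspicious launches and correlate each with browser crashes on the
    same host shortly before it (the fake 'repair' lure described above)."""
    findings = []
    for ev in events:
        cues = classify(ev)
        if not cues:
            continue
        n = sum(1 for cts, chost in crashes
                if chost == ev.host and ev.ts - lookback <= cts <= ev.ts)
        severity = "high" if n >= 2 or len(cues) >= 2 else "medium"
        findings.append(Finding(ev.ts, ev.host, cues, n, severity))
    return findings


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


SAMPLE_EVENTS = [  # constructed, not real telemetry; base64 blob is a placeholder
    ProcEvent(_t("2025-06-01T10:00:00"), "WS-042", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -ep bypass -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"),
    ProcEvent(_t("2025-06-01T10:05:00"), "WS-007", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ProcEvent(_t("2025-06-01T10:06:00"), "WS-007", r"C:\Program Files\Git\git.exe",
              r"C:\Windows\System32\cmd.exe", "cmd.exe /c echo hello"),
]
SAMPLE_CRASHES = [  # (time, host) of browser-crash events, constructed
    (_t("2025-06-01T09:50:00"), "WS-042"),
    (_t("2025-06-01T09:55:00"), "WS-042"),
    (_t("2025-06-01T09:58:00"), "WS-007"),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS, SAMPLE_CRASHES):
        print(finding)
```

Run against the constructed input, only the WS‑042 launch is reported: it carries three cues and follows two browser crashes within the window, so it is rated high, while the benign Run‑dialog `dir` and the git‑spawned shell are ignored. In production the crash stream would come from application‑error or browser‑crash events and the look‑back window should be tuned to the post‑install delay observed in your own telemetry.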
Takeaway
Rather than a single novel exploit, these incidents represent an operational playbook that combines social engineering reliability with supply‑chain insertion and resilient control channels. Short takedowns of a malicious extension build or a single fraudulent identity will not eliminate the threat; defenders must harden human workflows and developer processes alongside marketplace controls to reduce the attack surface.
A security review uncovered critical and high-severity flaws in four popular Visual Studio Code extensions, collectively reaching about 128 million installs and enabling file theft, remote code runs, and network reconnaissance. Three formal CVEs were published and researchers say multiple maintainers ignored notifications for months, forcing public disclosure and urgent mitigation guidance.