
North Korean actors blend ClickFix with new macOS backdoors in crypto campaign
A financially motivated threat actor tracked as UNC1069 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware families against crypto-focused organizations. According to new research from Google Cloud’s Mandiant, the activity recently targeted an employee at a company operating in the cryptocurrency and decentralized finance (DeFi) sector. The researchers said that the North Korea-linked UNC1069 used a social engineering chain that involved a hijacked Telegram account, a fake Zoom meeting, ClickFix-style command execution, and the reported use of AI-generated video to deceive the victim. By impersonating a known industry contact and staging a fake video mee...