North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign | CSO Online

A North Korean threat actor known as UNC1609 is targeting cryptocurrency organizations with a ClickFix social engineering campaign that uses fake Zoom meetings and AI-generated video to trick victims into executing malicious macOS commands. The campaign deploys several new macOS backdoors and infostealers, including WAVESHAPER and DEEPBREATH, which are designed to steal sensitive data and maintain remote access.