The Trap Behind Troubleshooting: Analysis of Recent Lazarus (APT-Q-1) Attacks Using ClickFix Techniques

2025-08-28 Qianxin The Trap Behind Troubleshooting: Analysis of Recent Lazarus (APT-Q-1) Attacks Using ClickFix Techniques

https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247515797&idx=1&sn=63eb2627f65397d704d187273c6cdce4&chksm=ea6649e2dd11c0f497ca57cf52676a9a764f28e587017e14fc850034ca8518c9f4ef46219824


Qianxin attributes a recent ClickFix campaign to Lazarus, tracked internally as APT-Q-1, based on overlap with prior Lazarus reporting and on the deployment of BeaverTail and InvisibleFerret. The campaign uses fake recruiting and interview sites to persuade victims to run supposed Nvidia or camera-driver fixes, while the downloaded packages install malicious tooling on Windows and macOS. On Windows, ClickFix-1.bat retrieves nvidiaRelease.zip from driverservices.store, runs VBS and batch scripts, installs or reuses Node.js, launches BeaverTail from main.js, adds registry persistence, and on Windows 11 executes a drvUpdate.exe backdoor. BeaverTail contacts C2 servers such as 45.159.248.110 or 45.89.53.54 and can deploy InvisibleFerret, while drvUpdate.exe communicates with 103.231.75.101:8888 and supports device information collection, command execution, file write, sleep, and file read functions. The macOS chain uses arm64-fixer-style packages and LaunchAgents persistence to run the same BeaverTail component, showing that the social-engineering flow was adapted across platforms.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 6175efd148a89ca61b6835c77acc7a8d 2025-08-28 2026-01-14
HASH 983a8a6f4d0a8c887536f5787a6b01a2 2025-08-28 2026-01-14
HASH f9e18687a38e968811b93351e9fca089 2025-08-28 2026-01-14
HASH 8c274285c5f8914cdbb090d72d1720d3 2025-08-28 2026-01-14
HASH 3ef7717c8bcb26396fc50ed92e812d13 2025-08-28 2026-01-14
HASH 15e48aef2e26f2367e5002e6c3148e1f 2025-08-28 2026-01-14
HASH 13400d5c844b7ab9aacc81822b1e7f02 2025-08-28 2026-01-14
HASH a4e58b91531d199f268c5ea02c7bf456 2025-08-28 2026-01-14
HASH b52e105bd040bda6639e958f7d9e3090 2025-08-28 2026-01-14
HASH cdf296d7404bd6193514284f021bfa54 2025-08-28 2026-01-14
HASH cbd183f5e5ed7d295d83e29b62b15431 2025-08-28 2026-01-14
URL https://driverservices.store/vi… 2025-08-28 2026-01-14
URL https://driverservices.store/vi… 2025-08-28 2026-01-14
URL https://block-digital.online/dr… 2025-08-28 2026-01-14
URL https://driverservices.store/vi… 2025-08-28 2026-01-14
URL https://driverservices.store/vi… 2025-08-28 2026-01-14
DOMAIN block-digital.online 2025-08-28 2026-01-14
DOMAIN driverservices.store 2025-08-28 2026-01-14
IPv4 103.231.75.101 2025-08-28 2026-01-14
IPv4 45.89.53.54 2025-08-28 2026-01-14
IPv4 45.159.248.110 2025-08-28 2026-01-14
HASH a009cd35850929199ef60e71bce86830 2025-08-28 2025-08-28
HASH b73fd8f21a2ed093f8caf0cf4b41aa4d 2025-08-28 2025-08-28
HASH 5e698d6f14e10616b0dbb1496e574a91 2025-08-28 2025-08-28
HASH d9fb02481d1df9f93b7d8e84dc7e097f 2025-08-28 2025-08-28
HASH 17eb90ac00007154a6418a91bf8da9c7 2025-08-28 2025-08-28
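The summary above describes a chain of observable events on a victim host (a fetch from driverservices.store, dropped files, and outbound traffic to the BeaverTail and drvUpdate.exe C2 addresses), and the table lists the indicators. The following script is an added example, not code from Qianxin or from the report, that matches those indicators against log lines and groups the matched indicator types per host, so that a host showing delivery-domain lookups, a known file hash and C2 traffic together stands out as a likely full-chain infection. The log lines and host names are constructed for the example; the hashes are the 32-hex values from the table above, and the table does not say which file each belongs to, so the sample log's pairing of a hash with a file event is an assumption for illustration only.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Indicators copied from the report's IoC table.
IOC_DOMAINS: Set[str] = {"driverservices.store", "block-digital.online"}
IOC_IPS: Set[str] = {"103.231.75.101", "45.89.53.54", "45.159.248.110"}
# 32-hex values as listed in the table (MD5 length); file-to-hash mapping is not given there.
IOC_HASHES: Set[str] = {
    "6175efd148a89ca61b6835c77acc7a8d", "983a8a6f4d0a8c887536f5787a6b01a2",
    "f9e18687a38e968811b93351e9fca089", "8c274285c5f8914cdbb090d72d1720d3",
    "3ef7717c8bcb26396fc50ed92e812d13", "15e48aef2e26f2367e5002e6c3148e1f",
    "13400d5c844b7ab9aacc81822b1e7f02", "a4e58b91531d199f268c5ea02c7bf456",
    "b52e105bd040bda6639e958f7d9e3090", "cdf296d7404bd6193514284f021bfa54",
    "cbd183f5e5ed7d295d83e29b62b15431", "a009cd35850929199ef60e71bce86830",
    "b73fd8f21a2ed093f8caf0cf4b41aa4d", "5e698d6f14e10616b0dbb1496e574a91",
    "d9fb02481d1df9f93b7d8e84dc7e097f", "17eb90ac00007154a6418a91bf8da9c7",
}
# The report names this ip:port as the drvUpdate.exe C2 endpoint.
IOC_C2_ENDPOINTS: Set[str] = {"103.231.75.101:8888"}

HASH_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
ENDPOINT_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
HOST_RE = re.compile(r"\bhost=(\S+)")

# (line index, host, ioc type, matched value)
Hit = Tuple[int, str, str, str]

# Constructed sample log lines (not taken from the report): one host, ws-17,
# shows the whole chain; ws-22 is a clean host used as a negative control.
SAMPLE_LOGS: List[str] = [
    "2025-08-28T10:01:12Z dns host=ws-17 qname=driverservices.store rcode=NOERROR",
    "2025-08-28T10:02:40Z edr host=ws-17 event=file_create md5=6175efd148a89ca61b6835c77acc7a8d",
    "2025-08-28T10:03:01Z netflow host=ws-17 dst=103.231.75.101:8888 proto=tcp bytes=1432",
    "2025-08-28T10:03:30Z proxy host=ws-17 dst=45.159.248.110:443 method=CONNECT",
    "2025-08-28T10:05:00Z dns host=ws-22 qname=example.com rcode=NOERROR",
    "2025-08-28T10:06:00Z edr host=ws-22 event=file_create md5=00000000000000000000000000000000",
]


def match_line(line: str) -> List[Tuple[str, str]]:
    """Return (ioc_type, value) pairs for every report indicator present in one log line."""
    found: List[Tuple[str, str]] = []
    for ep in ENDPOINT_RE.findall(line):
        if ep in IOC_C2_ENDPOINTS:
            found.append(("c2_endpoint", ep))
    for ip in IPV4_RE.findall(line):
        if ip in IOC_IPS:
            found.append(("ipv4", ip))
    for dom in DOMAIN_RE.findall(line):
        if dom.lower() in IOC_DOMAINS:
            found.append(("domain", dom.lower()))
    for h in HASH_RE.findall(line):
        if h.lower() in IOC_HASHES:
            found.append(("hash", h.lower()))
    return found


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run match_line over every line and attach the line index and host= field."""
    hits: List[Hit] = []
    for i, line in enumerate(lines):
        m = HOST_RE.search(line)
        host = m.group(1) if m else "unknown"
        for ioc_type, value in match_line(line):
            hits.append((i, host, ioc_type, value))
    return hits


def hosts_by_stage(hits: Iterable[Hit]) -> Dict[str, Set[str]]:
    """Group matched indicator types per host; several distinct types on one host
    (delivery domain + dropped-file hash + C2 traffic) suggests the full chain ran."""
    stages: Dict[str, Set[str]] = defaultdict(set)
    for _, host, ioc_type, _ in hits:
        stages[host].add(ioc_type)
    return dict(stages)


if __name__ == "__main__":
    for idx, host, ioc_type, value in scan(SAMPLE_LOGS):
        print(f"line {idx}: host={host} {ioc_type}={value}")
    for host, types in hosts_by_stage(scan(SAMPLE_LOGS)).items():
        print(f"{host}: {len(types)} indicator types -> {sorted(types)}")
```

The endpoint check is deliberately separate from the bare IP check: traffic to 103.231.75.101 on any port is worth a look, but a connection to port 8888 on that address matches the backdoor's reported C2 channel exactly and deserves a higher severity. Replace SAMPLE_LOGS with DNS, proxy, NetFlow and EDR exports in the same key=value shape, or adapt the regexes to the local log format.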
