Genians observed Kimsuky adopting ClickFix-style social engineering in 2025 activity assessed as an extension of the BabyShark campaign. The cases targeted Korean foreign policy, security, defense, and international affairs audiences through spear-phishing personas, interview lures, secure-document instructions, and a defense-research job site impersonation. Earlier VBS payloads and later PowerShell-based ClickFix chains used decoy Google Drive content, task scheduler persistence, process and user-data collection, and C2 paths such as demo.php?ccs=cin/cout. Infrastructure and artifacts included konamo[.]xyz, raedom[.]store, kida.plusdocs.kro[.]kr, androcl.csproject[.]org, repeated 7539518426 string obfuscation, and the BabyShark-linked Version:RE4T-GT7J-KJ90-JB6F-VG5F marker. The report matters because it shows Kimsuky applying publicly documented ClickFix tradecraft to lower detection opportunities and push victims into executing malicious commands themselves.