Crypto-Stealing Malware Spread Through Fake Job Offers

Image by Chris Montgomery, from Unsplash

Crypto hackers have reportedly developed a clever method to deceive victims into downloading harmful malware that can give them access to the victim’s computer, allowing them to drain wallets or cause other serious damage.

In a Rush? Here are the Quick Facts!

  • Crypto hackers use fake job offers to distribute malware that drains wallets.
  • Victims are targeted through LinkedIn, freelancer sites, Telegram, and Discord.
  • Malware is activated via a fake video interview link and camera access request.

The warning, first issued by Taylor “Tay” Monahan, a security expert and researcher from MetaMask—the most popular Ethereum (ETH) wallet—reveals a growing trend in cybercrime, as reported by Cybernews.

Monahan explained that the scam begins when a fake recruiter contacts potential victims with enticing job offers. These recruiters claim to represent companies like Kraken, MEXC, Gemini, or Meta, targeting even those not actively job hunting, according to Cybernews.

The malicious messages are mainly spread via LinkedIn but are also circulating through freelancer and job websites, as well as messaging apps like Telegram and Discord.

“Eventually, after some back-and-forth, they’ll drop a link to continue the process. The site – ‘Willo | Video Interviewing’ – is clean. It feels like something a crypto co/startup would use,” Monahan said, as reported by Cybernews.

The link leads to a page where the victim is prompted to answer job interview questions.

CoinTelegraph notes that the written interview included questions such as which crypto trends the victim believes will be most significant in the coming year, as well as how a business development representative should expand a crypto firm’s partnerships in Southeast Asia or Latin America on a “limited budget.”

The malicious actor first bombards the interviewee with several long-response questions, followed by one final question that requires a video recording. However, victims will encounter an issue when attempting to grant microphone and camera access, and are told there’s a cache problem. They are then given instructions on how to “fix” it.

Monahan explains that once the victim follows the instructions, Chrome will prompt them to update or restart to “fix the issue.” However, this does not resolve anything and actually exposes the victim to further harm, as noted by Bitget.

The scam targets individuals seeking business development roles, though technical and non-technical positions, including trading and analyst jobs, are also advertised. The pay for these positions is typically high, with targets offered a salary of $200,000 to $350,000, making the offers even more enticing, as reported by CoinTelegraph.

Monahan emphasized the severity of the attack, advising anyone who falls victim to it to immediately wipe their computer, especially if their wallets remain untouched, as reported by Cybernews. Experts are urging job seekers to be cautious of unsolicited job offers, particularly those requesting video recordings or asking for access to personal devices.
