Job seekers targeting cryptocurrency companies are facing a new cybercrime scheme aimed at stealing their assets, according to MetaMask developer Taylor Monahan.
🚨 Heads up all—some dudes have a slick, new way of dropping some nasty malware.
Feels infostealer-y on the surface but…it's not.🫠
It'll really, deeply rekt you.
Pls share this w/ your friends, devs, and multisig signers. Everyone needs to be careful + stay skeptical. 🙏 pic.twitter.com/KRRWGL3GDo
— Tay 💖 (@tayvano_) December 28, 2024
On platforms like LinkedIn, Discord, Telegram, and freelance websites, scammers pose as recruiters from companies such as Kraken, MEXC, Gemini, and Meta. They offer roles for technical specialists, traders, and analysts, with salaries ranging from $200,000 to $350,000.
Victims are invited to a text-based interview via the Willo platform, where they are asked questions about the cryptocurrency market and tasked with developing a business expansion strategy. In the final stage, candidates are asked to record a video response.
During the recording, a pop-up window requests access to the user’s microphone and camera. The platform then simulates a hardware error, prompting users to update drivers or restart their browser.
If you follow their instructions, you are fucked.
They vary depending on whether you are on Mac/Windows/Linux.
But once you do it, Chrome will prompt you to update/restart to "fix the issue."
It's not fixing the issue. It's fully fucking you. pic.twitter.com/ZEn2HpuAEb
— Tay 💖 (@tayvano_) December 28, 2024
Following these “recommendations” installs a backdoor on the victim’s device, giving hackers access and enabling them to steal cryptocurrency assets.
The attack targets macOS, Windows, and Linux operating systems.
Monahan did not disclose the number of victims or the total financial damage.
Previously, the attack on Japanese cryptocurrency exchange DMM Bitcoin resulted in $308 million in losses. It also started with a fake recruiter on LinkedIn, who compromised an employee from a third-party company with access to the exchange’s assets. According to the FBI, the incident was orchestrated by North Korean state-backed hackers known as TraderTraitor.