Criminals have started using a new method to spread crypto-stealing malware by pretending to be recruiters from popular companies.
The warning was issued by security expert and researcher Taylor Monahan from the most popular ethereum (ETH) wallet, MetaMask.
According to her, the attack typically begins with a "recruiter" from a well-known company, such as Kraken, MEXC, Gemini, or Meta, approaching a potential victim with an attractive job offer, "even to those not actively job hunting."
The dangerous messages are primarily spread via the LinkedIn platform, though freelancer and job sites are also being used, along with messaging apps such as Telegram and Discord.
"Eventually, after some back-and-forth, they'll drop a link to continue the process. The site – 'Willo | Video Interviewing' – is clean. It feels like something a crypto co/startup would use," Monahan said.
After clicking the link, the target is asked to answer questions typical of a job interview, such as how they would manage a limited budget for partnerships aimed at expanding the user base in emerging markets.
However, to answer the final question, the target is required to record a video, which necessitates granting access to their camera and microphone. The video function doesn’t work, and the criminals provide a "fix," which is the exact step where the malware is hidden and becomes activated if the target follows their instructions.
"If you get hit with this, you need to wipe your computer. Especially if your wallets haven’t been drained," Monahan stressed, adding, "There are SO many malicious actors who spend all day trying to trick you into copying/pasting/running code like this. It will always destroy you."
She also noted that these criminals mainly target individuals interested in business development roles. However, both technical and non-technical positions are being offered, including trading, analyst jobs, and more. Meanwhile, the pay ranges are said to be mostly on the higher end.
Your email address will not be published. Required fields are markedmarked