In a disturbing new twist on fake job scams, crypto hackers have found a sophisticated way to trick victims into downloading malware that provides them with backdoor access to their devices. The attackers pose as recruiters from well-known crypto firms, offering high-paying positions with salaries ranging from $200,000 to $350,000. The scam typically starts with a series of seemingly normal interview questions, building rapport with the victim. However, things take a dangerous turn when the victim is asked to record a final video interview, during which they are instructed to resolve an issue with microphone and camera access.
The attackers exploit the victim’s confusion by claiming that there is a cache problem that needs to be fixed. Once the victim follows the instructions, their browser prompts them to update or restart, which is presented as a solution. In reality, this action triggers a malware download that secretly installs a backdoor, giving the hackers full access to the victim’s device. This clever manipulation is designed to look like a routine fix, making it difficult for victims to detect the malicious nature of the action until it’s too late.
The malware used in this scam is highly dangerous, allowing hackers to potentially drain cryptocurrency funds, steal sensitive information, or cause significant damage to the victim’s system. The attack is not limited to a single operating system, as it works across multiple platforms, including Windows, Mac, and Linux. This broad compatibility makes the scam even more perilous, as it can target a wide range of users, especially those involved in cryptocurrency trading or digital finance.
Security experts, including blockchain sleuth Taylor Monahan, recommend that anyone who suspects they may have been exposed to the malware wipe their devices immediately. Furthermore, they urge users to be cautious and skeptical of unsolicited job offers, particularly those that come via platforms like LinkedIn, Telegram, or Discord. The rise of such sophisticated phishing tactics highlights the ongoing need for vigilance and awareness in protecting personal data and digital assets from malicious actors.
Reference:
