Crypto hackers take new spin on fake job scam, dropping ‘nasty’ malware

From cointelegraph by Brayden Lindrea

Crypto hackers have reportedly found a slick new way of tricking their victims into downloading “nasty” malware — which can grant hackers access to a victim’s computer and drain their wallets, or do other significant damage. 

According  to blockchain sleuth Taylor Monahan, known as Tay on X — the hackers would first pose as a recruiter from a reputable crypto firm offering their target a   $200,000 to $350,000  salary.

  Source: Taylor Monahan

However, instead of enticing the target to open a PDF containing malware, or getting a victim to  download video-call software  disguised as  malware , the method involves having the victim follow instructions to fix a microphone and video access issue. 

“If you follow their instructions, you are fucked.”

How the victims fall for the malware attack

The malicious actor would first hit an interviewee with a number of long-reponse interview questions, before one final question which needs to be recorded on video on “Willo | Video Interviewing.”

However, victims will find that there’s an issue with granting microphone and camera access, and are told they have a cache problem before being instructed on “the solution” to resolve the problem, said Monahan, adding: 

“Once you do it, Chrome will prompt you to update/restart to ‘fix the issue.’ It's not fixing the issue. It's fully fucking you.”

Screenshot of the message victims are met with after clicking access to their camera and microphone. Source: Taylor Monahan

Monahan said the malware  provides  the attackers with “backdoor” access to the victim’s devices and potentially drain their crypto funds.

“Ultimately they’ll rekt you via whatever means are required,” she  added , noting that the malware attacks work for the  Mac, Windows and Linux  operating systems.

Related:  Scammers are using Telegram verification bots to inject crypto-stealing malware

Monahan said the fake recruiters are reaching out to victims on  professional networking site LinkedIn  out of the blue, advertising everything from business development manager roles to analyst and researcher positions at notable crypto firms like Gemini and Kraken.

The hackers have also reached out to people on freelancer websites, Discord and Telegram.

Questions asked in the written interview included what  crypto trends  the victim thinks will be most significant for the industry over the next 12 months to how a business development representative should expand the crypto firm’s partnerships in Southeast Asia or Latin America on a “limited budget.”

Monahan recommended those already exposed to the malware to wipe their computer.

Everyone needs to be “careful” and remain “skeptical,” she added.