Cybercriminals Impersonate Recruiters to Deploy Malware and Exfiltrate Wallets

Crypto hackers have embraced a sophisticated new scam to access victims’ devices and steal funds, masquerading as recruiters from well-known cryptocurrency firms offering lucrative salaries.

According to blockchain investigator Taylor Monahan, the perpetrators target individuals by advertising positions with salaries ranging from $200,000 to $350,000, enticing them into their trap.

Hackers Employ New Technique to Spread Malware

Unlike traditional phishing schemes, the hackers utilize an innovative method to disseminate malware.

Victims are prompted to resolve a microphone or video access issue during a supposed interview process.

The fraudulent recruiters conduct lengthy written interviews before posing the final question, which necessitates a video response recorded via the “Willo | Video Interviewing” platform.

When victims face technical issues, they are directed to “fix” the problem by clearing their browser cache, which causes Chrome to restart.

However, this “fix” installs malware that provides the attackers with backdoor access to the victim’s devices, allowing them to drain crypto wallets or inflict further damage.

Monahan cautions that the malware is effective across Mac, Windows, and Linux operating systems, making it a widespread threat. She states, “If you follow their instructions, you’re compromised.”

They’ll message through LinkedIn (or wherever) for a bit and gather some background on you.
Eventually, after some exchanges, they’ll share a link to continue the process.
The site—”Willo | Video Interviewing”—appears legitimate. It looks like something a crypto company/startup would utilize. pic.twitter.com/0VRzfnL9J5

— Tay (@tayvano_) December 28, 2024

The attackers are contacting victims through LinkedIn, freelance websites, Discord, and Telegram, using fake job postings for roles such as business development managers, analysts, and researchers at prominent firms like Gemini and Kraken.

The interview questions appear credible, probing candidates on industry trends and strategies to expand partnerships in regions like Southeast Asia or Latin America.

However, the goal is to establish trust before executing the malware attack.

For those who may have been victimized, Monahan recommends wiping the infected computer to prevent further exploitation.

She also urges the community to remain vigilant and skeptical of unsolicited job offers, highlighting the importance of caution in the face of increasingly sophisticated scams.

Crypto Industry Lost $1.49B to Hacks and Fraud in 2024

As reported, the crypto sector experienced losses totaling $1.49 billion in 2024 due to hacks and fraud, representing a 17% decrease from 2023.

According to a report by blockchain security platform Immunefi, hacks were overwhelmingly the primary cause, accounting for $1.47 billion or 98.1% of the total losses across 192 incidents.

Fraud, including rug pulls and scams, constituted just 1.9% of the losses at $28 million, although this category saw a 72% increase year-on-year.

The reduction in overall crypto losses reflects enhanced security measures, as the number of successful attacks also dropped by 27.5%, from 320 in 2023 to 232 in 2024.

Japan’s DMM Bitcoin exchange suffered a $305 million private key breach in May, while WazirX, India’s leading crypto exchange, lost $235 million in July after hackers compromised its Ethereum-based multisig wallet.

Together, these two incidents accounted for 36% of the total losses.

Decentralized finance (DeFi) protocols remained primary targets, representing 51.4% of the losses, while centralized finance (CeFi) platforms accounted for 48.6%.

Notably, CeFi losses surged by 77.5% year-on-year, reaching $726 million.

Ethereum and Binance Smart Chain were the most attacked blockchains, with Ethereum facing 104 incidents that resulted in 44% of total chain losses.

The post Crypto Hackers Pose as Recruiters to Spread Malware and Steal Wallets appeared first on Cryptonews.