From 9 to 13 Different Wallets: Fake Web3 Job Recruiters Update Their Crypto-Stealing Malware
Sead specializes in writing factual and informative articles to help the public navigate the ever-changing world of crypto. He has extensive experience in the blockchain industry, where he has served...
Fake Web3 job recruiters associated with North Korea target job-seekers online, tricking them into downloading malware that masquerades as a video call application – stealing their crypto.
According to the latest report from cyber risk team Unit 42 by major cybersecurity company Palo Alto, the novel variant of a previously discovered malware targets both Windows and macOS.
Notably, it is now capable of stealing cryptocurrency from 13 different wallets, including MetaMask, BNB Chain, Exodus, Phantom, TronLink, Crypto.com, and more.
The researchers argue that these are North Korean threat actors who are likely financially motivated, working to support the Democratic People’s Republic of Korea (DPRK) regime.
The attackers target tech industry job seekers’ devices.
They contact software developers through job search platforms and invite them to an online interview.
The attacker will then work to convince the developer to download and install malware presented as a video chat app.
Once the victim executes the malicious code, it starts working in the background to collect data and digital funds.
Let’s check out some of the many examples.
In June 2024, a Medium article warned about fake recruiters on GitHub and LinkedIn Premium. Specifically, author Heiner named “Onder Kayabasi” as the account that contacted the writer over LinkedIn.
The LinkedIn account is no longer available, but there is a similar Twitter account that is still live at the time of writing.
These social engineering and fraud campaigns “aim to infect, steal information and
Read more on cryptonews.com
