New Scam Targets Web3 Professionals
Scammers are now targeting professionals in the Web3 and cryptocurrency industries. They lure victims with fake job interviews and trick them into running malicious code. This sophisticated scheme involves offering attractive job opportunities from fake recruiters posing as representatives of major cryptocurrency firms.
How the Scam Works
According to investigator Taylor Monahan, who highlighted this attack on December 28, scammers approach victims through platforms like LinkedIn, Telegram, or freelancing sites. After expressing interest in the job offer, victims are directed to a video interview platform called "Willo | Video Interviewing", which appears legitimate but is part of the scam.
During the interview, scammers initially ask standard questions, such as the victim’s views on current cryptocurrency trends, to build trust. The critical moment occurs during the final step, where the victim is required to upload a video.
The Turning Point: Fake Troubleshooting Instructions
While attempting to upload the video, victims encounter a "technical issue" with their microphone or camera. At this point, scammers provide troubleshooting steps that require the victim to execute commands or follow instructions on their device. If the victim complies, the attackers gain backdoor access to their system.
Taylor Monahan warns that this process grants attackers complete access to the victim’s device, allowing them to install malware, monitor activity, steal sensitive data, or drain cryptocurrency wallets.
Recommendations for Protection
Monahan advises:
Never execute unknown code on your device.
If you suspect being targeted, completely wipe your device to prevent further compromise.
Other Scam Examples
This type of attack differs from typical fake job offer scams. For example, Cado Security Labs recently uncovered a fake meeting application that injected malware upon installation, enabling attackers to steal cryptocurrency funds and login credentials.
Last year, crypto.news reported a case where fake recruiters on Upwork tricked blockchain developers into downloading malicious packages from GitHub. These packages contained scripts that allowed attackers to gain remote access to the victim's devices.
Trust and vigilance are critical to protecting against these sophisticated scams.
#HackerAlert , #CyberSecurity , #CryptoNewss , #CryptoSecurity , #HackerNews
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“