Web3 professionals are being targeted in a new cyberattack that tricks them into running malicious code during fake job interviews.
Crypto scammers, posing as recruiters from major crypto firms, approach victims on platforms like LinkedIn, Telegram, and freelancing sites with enticing job offers.
On Dec. 28, on-chain investigator Taylor Monahan exposed the scheme. Victims are directed to a legitimate-looking video interview platform called “Willo | Video Interviewing,” designed to appear trustworthy.
The interview process includes standard industry-related questions to establish credibility.
The attack unfolds during the final question, which involves recording a video response. Victims encounter a “technical issue” with their microphone or camera and are presented with a troubleshooting guide. This guide contains steps that require victims to execute system-level commands, granting attackers full backdoor access to their devices.
Monahan warned that this access allows attackers to bypass security measures, install malware, monitor activities, steal sensitive data, or drain cryptocurrency wallets. She advised users to avoid running unknown code and recommended that those affected wipe their devices entirely to prevent further compromise.
This scam highlights the evolution of job recruitment fraud. Similar schemes have included malware-injecting meeting apps and malicious npm packages targeting blockchain developers.
How the Scam Works
The Scam is perpetrated by posting Web 3 job positions on social media to attract applicants.
Once the victim is interested, they are redirected to a video interviewing platform dubbed “Willo | Video Interviewing,” which isn’t malicious but designed to boost the credibility of the entire process.
- Victims of the scam are quizzed on standard industry-related questions, such as their views on significant crypto trends over the next 12 months. These questions help build trust and make the interaction seem legitimate.
- However, as stated earlier the real attack unfolds during the final question, which requires recording it on video. When trying to set up the video recording process, victims encounter a technical issue with their microphone or camera.
- The website presents a malicious troubleshooting steps masked as a solution to the issue.
Mohan explained that this solution contains malicious malware which bypasses the security of the victim’s device.
“It allows them to do anything on your device. It’s not really general-purpose stealer, it’s general-purpose access. Ultimately, they’ll rekt you via whatever means are required,” Monahan wrote.
The access allows the bad actors to install malware, monitor activities, steal sensitive data, or drain cryptocurrency wallets without the victim’s knowledge, based on typical outcomes observed in similar attacks.
The new development reveals a new strain of Malicious scheme targeting Web 3 Job applicants.
What to Know
- Web 3 scams are on the rise in the crypto space with Pig butchering scams dominating the tally.
- The new strain of scams targeting Web 3 job applicants on LinkedIn and other social media platforms falls under the category of social engineering scams in the crypto space.
