Threat Actors Use Fake Job Interviews to Defraud Web3 Job Seekers

A social engineering attack is targeting Web3 job seekers with fake interviews through a rogue meeting app that deploys info-stealing malware.

New fake job scam emerges

Security researchers have spotted a recent social engineering campaign aimed at job seekers in the Web3 field.

The Web3 space often boasts too-good-to-be-true offers, ranging from crypto token investments to play-to-earn games and even jobs.

Threat actors were recently spotted exploiting the trusting nature of some crypto enthusiasts, enticing them into infecting themselves with info-stealing malware under the pretense of offering them lucrative jobs in the crypto field.

Hundreds reportedly impacted

The campaign reportedly affected hundreds of individuals so far, although the exact number is still unknown.

A Russian threat actor group called “Crazy Evil” is allegedly behind the malicious campaign. The gang’s modus operandi involves using social engineering techniques to trick unsuspecting targets into installing software laced with info-stealer code on their devices.

Once the victim is infected, the malware harvests everything the perpetrators might find useful, focusing on authentication cookies, credentials, and crypto wallets.

Crazy Evil is notorious for its earlier malicious activity in the Web3 sphere, having been spotted running campaigns that pushed fake job opportunities and rogue games to users in the space.

Threat actors used fake Web3 company profile

Web3 professional Choy, who was targeted by the new fake job scam, told BleepingComputer that the threat actors created a sophisticated fake presence for a company called “ChainSeeker[.]io.” The rogue persona had a website, as well as LinkedIn and X profiles, to further the illusion of legitimacy.

Perpetrators took it a step further and created premium job listings on various popular platforms, using in-demand roles like Social Media Manager, NFT Artist, Blockchain Analyst and Chief Marketing Officer.

Targets redirected to Telegram

Job applicants received an interview invite email asking them to reach out to a “team member” via Telegram in order to arrange a meeting. Once contact with the so-called team member was established, the applicant would be provided with a website and a code, as well as directions to install a specific app on their devices.

However, visiting the website and using the provided code would trigger info-stealer-laden Windows or Mac rogue client downloads. Windows users would receive a remote access trojan (RAT) and infostealer combo, while Mac users would get the infamous Atomic Stealer (AMOS) strain.

Campaign terminated, impacted users still at risk

After details of the malicious campaign made the news, threat actors reportedly terminated the campaign.

Popular Web3 job site CryptoJobsList also removed the rogue listings from its platform, warning previous applicants that they have been scammed and urging them to perform malware scans on their devices.

Defending against crypto scams and other digital threats

Crypto scams are unfortunately plaguing the digital realm, and threat actors are constantly devising new, cunning techniques to target unsuspecting victims.

While understanding how crypto scams work and how they can affect you is crucial in defending against them, using dedicated software can boost your protection even more.

Bitdefender Ultimate Security offers real-time protection against viruses, Trojans, rats, worms, zero-day exploits, spyware, ransomware, rootkits, and other cyber threats. It also encompasses relevant features such as network threat prevention, behavioral detection for active apps, web attack prevention, anti-fraud, anti-spam, anti-phishing, and cryptojacking protection.

Additionally, Scamio, our AI-powered scam detection service, can help you quickly detect scams in texts, emails, social media messages, links, images or QR codes. It also works with given scenarios: describe the situation and Scamio will assess its perceived legitimacy.

Scamio is free and available on Facebook Messenger, WhatsApp, Discord and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.