Criminals Gain Access to Digital Currencies under Cover of "Microphone Spying"
In a recent revelation, Taylor Monahan, the developer of MetaMask, has exposed a new cybercrime scheme that is exploiting the hiring process at cryptocurrency companies. The scheme, primarily operating through sophisticated fake job applications and recruitment scams, aims to infiltrate crypto firms and steal data or install malware.
The scam often begins with phishing emails offering fake job interviews or onboarding apps. When downloaded, these apps secretly run cryptocurrency miners like XMRig, which perform checks to evade detection and ensure effective operation. Some scams involve impersonating recruiters who send malicious crypto-related investment opportunities or ask victims to transfer funds, often freezing victim withdrawals to steal assets.
Hackers pose as legitimate job applicants or recruiters, sometimes using fake emails from well-known crypto security companies like CrowdStrike. The malware launcher is delivered as a Windows executable, but there is an option for macOS as well, indicating both platforms are at risk. The malware’s environment checks are tailored to these systems to avoid detection and ensure effective mining operation.
The broader objective of this scheme is to gain access to sensitive crypto firm systems or directly steal crypto assets through fraud and malware. The incident at DMM Bitcoin, a Japanese cryptocurrency exchange, started with a fake recruiter on LinkedIn and resulted in significant financial damage, with losses amounting to $308 million. According to the FBI, the DMM Bitcoin incident was orchestrated by North Korean state-backed hackers known as TraderTraitor.
Scammers are known to pose as recruiters from companies such as Kraken, MEXC, Gemini, and Meta. They offer roles for technical specialists, traders, and analysts, with salaries ranging from $200,000 to $350,000. Monahan did not disclose the number of victims or the total financial damage caused by the scheme.
This new cybercrime scheme is being carried out on various platforms such as LinkedIn, Discord, Telegram, and freelance websites. Job seekers applying to cryptocurrency companies are advised to exercise caution and verify the authenticity of job offers before downloading any apps or providing sensitive information.
Investors should be wary when receiving cryptocurrency-related investment opportunities, as some may be malicious and aim to steal assets. These scams can also install malware like XMRig on victims' devices to perform covert mining.
Cybercriminals often impersonate recruiters from renowned crypto exchanges and finance companies such as Kraken, MEXC, Gemini, and even Meta (as in MetaMask), tricking job seekers into running malware or sharing sensitive data.