Thieves infiltrating cryptocurrency accounts via microphone eavesdropping
A new cyber attack is targeting job seekers in the cryptocurrency industry, disguising itself as job offers from reputable companies like Kraken, MEXC, Gemini, and Meta. The attackers are offering lucrative positions as tech specialists, traders, and analysts, with salaries ranging from $200,000 to $350,000.
The attack begins when a potential victim is invited to a text interview on the Willo site, a platform that is often used for job interviews. Once the applicant follows the instructions, malware is installed on their device, granting criminals unauthorised access.
In the final stage of the attack, the applicant is asked to record a video response. A pop-up appears during the video recording, asking for camera and microphone access. The site supposedly reports an equipment error and suggests updating drivers or restarting the browser, but these actions only serve to further the attack.
The scam affects macOS, Windows, and Linux systems, and the details about the number of victims or total damage from the current cyber attack are not specified. However, a similar attack was perpetrated by the North Korean hacker group TraderTraitor in the past, resulting in $308 million in losses in the DMM Bitcoin case.
It is important to be vigilant when applying for jobs, especially in the cryptocurrency industry. Job seekers should be wary of any job offers that ask for personal information or require the installation of software on their devices. If a job offer seems too good to be true, it probably is.
If you believe you have been a victim of this cyber attack, it is recommended that you change your passwords, run a full system scan, and contact the relevant authorities. It is also a good idea to keep your antivirus software up to date and to be cautious when clicking on links or downloading attachments from unknown sources.
Stay safe, and happy job hunting!
[1] The search results did not contain information about a new cyber attack targeting job seekers in crypto companies. The content mainly discussed legal and jurisdictional issues related to cryptocurrency developers and privacy protocols, with no mention of cyber attacks or job seeker targeting.
