Cryptocurrency thieves are utilizing "microphone eavesdropping" to pilfer digital assets
Crypto Job Scam Targets Windows and macOS Users, Disguised as Legitimate Job Offers
A new crypto job scam has been identified, targeting job seekers at crypto companies, according to MetaMask Developer Taylor Monahan. The scam operates by sending fake recruitment emails impersonating legitimate companies, such as CrowdStrike, to job seekers. These emails invite victims to download and run a supposed "applicant and employee CRM application" that is actually malware designed to install cryptocurrency mining software.
The malware, specifically the XMRig cryptominer, performs environment checks to evade detection before mining crypto on the victim’s system. This scam affects both Windows and macOS operating systems, as the fake application is available for both.
The fraudulent emails claim a job interview opportunity and request downloading an onboarding app. If the checks pass, the malicious downloader downloads and runs the XMRig cryptominer malware to use the victim’s computer resources to mine cryptocurrency secretly.
The scam continues to use platforms like LinkedIn, Discord, Telegram, and freelance sites to disguise job offers. In the final stage, the applicant is asked to record a video response, and a pop-up requests access to the camera and microphone during the recording.
This scam is not the first of its kind. North Korean hackers TraderTraitor were behind the attack on Japanese crypto exchange DMM Bitcoin, according to the FBI. The attack resulted in $308 million in damages.
Similar to this recent scam, the attack on DMM Bitcoin originated from a fake LinkedIn recruiter. The applicant was led through a text interview on the Willo site, where they were asked about the crypto market and to develop a business expansion strategy.
Other related scams include "task-based" phishing where victims are manipulated into investing cryptocurrency or completing tasks under false pretenses. However, these are more generalized financial scams rather than specific malware targeting OS types.
It is important to note that this is likely a scam, and individuals are advised to be cautious and skeptical. If you receive a job offer that seems too good to be true, it probably is. Always verify the authenticity of the offer before downloading any applications or providing personal information.
[1] Source 1 [2] Source 2 [4] Source 4
- Bitcoin miners are secretly installed on victims' Windows and macOS operating systems by a malicious application disguised as a job application, as seen in a recent crypto job scam.
- Ignoring email job offers or downloading applications without verifying their authenticity could lead to potential cybersecurity threats, such as the XMRig cryptominer malware, which uses technology to perform environment checks to evade detection and mine cryptocurrency.
