A cyber campaign is tricking job seekers into downloading backdoor malware through fake interview websites. This malware is notable for its simplicity and cross-platform capability, while attempting to hijack the MetaMask Chrome extension, threatening victims' cryptocurrency. The Moonlock Lab tracked this attack, which employs multiple stages, aiming for persistence rather than one-time data theft. New domains continue to arise, and several security entities have analyzed the situation, providing insights and research findings. The campaign particularly targets software developers looking for blockchain job opportunities.
Usually starts with a "recruiter" from known company e.g. Kraken, MEXC, Gemini, Meta. Pay ranges + messaging style are attractive—even to those not actively job hunting.
This attack remains active with new domains regularly appearing to lure more victims. Many individual security researchers and companies have published excellent analyses.
Collection
[
|
...
]