Malicious crypto scammers have been found to be fishing for their victims posing as job recruiters online. Popular cyber investigator Taylor Monahan, who goes by the username @tayvano_, has posted an update to his 85,000 followers on X. As per the update, scammers are using recruiting platforms like LinkedIn to reach out to job seekers, asking them to fix issues with video-call software and subsequently injecting malicious malware to get access to the victims’ computers. Monahan works in the security division of crypto wallet MetaMask.
The post, part of a thread on the threat, published by Monahan shared screenshots of the job listing circulated by the scammers. The post shows the fraudulent job opening of “Business Development Lead” at an entity named ‘Halliday’. To entice people to apply for this senior level position, the post boasts an annual salary bracket of $300,000 (roughly Rs. 2.56 lakh) to $350,000 (roughly Rs. 2.99 lakh)
Once job seekers end up answering questions, the scammers ask them to record a video answering the last question. On clicking the ‘Request Camera Access’ button, another prompt pops up asking the people to fix an issue with the camera or the microphone.
“Once you do it, Chrome will prompt you to update/restart to ‘fix the issue’. It’s not fixing the issue. There are SO many malicious actors who spend all day trying to trick you into copy/pasting/run code like this. It will always destroy you,” the Web3 investigator noted.
The screenshot posted by Monahan showed that the malicious ‘fix the issue’ message pops up with the title “Access to your camera or microphone is currently blocked”. The investigator also warned that the scammers could give varying instructions to potential victims for fixing the bug, depending on the system they use – Mac, Windows, or Linux.
How it works / what we’ve seen:
Usually starts with a “recruiter” from known company e.g. Kraken, MEXC, Gemini, Meta.
Pay ranges + messaging style are attractive—even to those not actively job hunting.
Mostly via Linkedin. Also freelancer sites, job sites, tg, discord, etc. pic.twitter.com/vRwJUoKFlB
— Tay :sparkling_heart: (@tayvano_) December 28, 2024
This malware lets the scammers access the victims’ systems through backdoor entries, which can subsequently let them get into crypto wallets and drain funds.
If you follow their instructions, you are fucked.
They vary depending whether you are on Mac/Windows/Linux.
But once you do it, Chrome will prompt you to update/restart to “fix the issue.”
It’s not fixing the issue. It’s fully fucking you. pic.twitter.com/ZEn2HpuAEb
— Tay :sparkling_heart: (@tayvano_) December 28, 2024
The FBI, in its recent report, claimed that crypto scammers had become more sophisticated in terms of identifying and attacking their victims. In July, the Securities division of the Washington State Department of Financial Institutions (DFI) also said that scammers had spiked up activities posing as professors or academicians on platforms including Facebook, WhatsApp and Telegram to find and communicate with potential victims.
Insiders from the crypto sector like Monahan have asked people to be vigilant and up to date with community alerts and warnings to prevent risking their funds. Earlier this year, Yi He, the co-founder of Binance, had flagged an impersonation scam that was circulating on X where scammers were misusing her identity to promote a fake crypto token on X.
