Fake Web3 recruiters, linked to North Korea, installing crypto-stealing malware

TLDR

  • North Korean threat actors pose as Web3 recruiters to install crypto-stealing malware.
  • The malware targets 13 crypto wallets, including MetaMask, Phantom, and Crypto.com.
  • Scammers use fake video call apps to infect devices of job seekers in the tech industry.

Threat actors linked to North Korea, posing as Web3 recruiters, are targeting job seekers to install crypto-stealing malware on their devices.

The fraudsters trick unsuspecting job applicants into downloading malicious software disguised as a video call application.

As initially detailed by cybersecurity firm Palo Alto’s Unit 42, the malware is sophisticated enough to penetrate 13 different crypto wallets, including BNB Chain, Crypto.com, Exodus, MetaMask, Phantom, and TronLink. 

It has been claimed the perpetrators are likely acting on behalf of the authorities in North Korea, with the proceeds supporting Kim Jong Un’s regime. Last month, the FBI reported that North Korea was similarly targeting crypto businesses in an aggressive manner.

The report from Unit 42 stated that the new variant of a previously detected version of the malware is able to target both Windows and macOS.

The researchers first detailed the ‘contagious interview campaign’ back in November 2023, observing continued activity from the threat actors over the last year, including code updates to two types of malware used in the attack. 

They are the BeaverTail downloader and the InvisibleFerret backdoor.

The former is the initial infostealer malware, executing its malicious code in the background without any visible trace.

How does the Web3 scam and malware attack work?

The attackers set the trap by purporting to be Web3 recruiters. What they want is to gain access to the devices of job seekers in the tech industry, particularly those believed to have substantial crypto holdings.

The scammers home in on software developers through job search platforms, before inviting them to an online interview. Next, they try to convince the target to download and install the malware, under the pretense of a video call app.

If the target is duped, the malicious code quietly gets to work in the background, quickly penetrating crypto wallets to steal the assets.

There have been many warnings posted online about this form of fraud and social engineering, including an article posted to Medium.

The author, known as Hainer, advised that the malicious campaigns “aim to infect, steal information and cryptocurrencies from people, particularly developer accounts in the cryptocurrency, blockchain, cybersecurity, and online gambling domains.”

“Onder Kayabasi” was the name of the account that contacted the author on LinkedIn, and although that profile is no longer available, a user account of the same name is still visible on Elon Musk’s X social media platform.


Graeme Hanna
Tech Journalist
