Malicious job offers purporting to be from widely known companies have been leveraged by threat actors to facilitate the distribution of cryptocurrency-stealing malware, reports Cybernews.
Attackers pretending to be recruiters from Meta, Gemini, Kraken, and MEXC have used LinkedIn, Telegram, Discord, and other job sites to provide high-paying offers mainly targeted at those seeking business development posts before eventually sending a link the "Willo | Video Interviewing" website, according to MetaMask security researcher Taylor Monahan. Such a link redirected to a job interview questionnaire, which requires targets to produce a video recording, with the attacker-provided fix for the faulty video functionality then triggering the malware.
"If you get hit with this, you need to wipe your computer. Especially if your wallets haven't been drained. There are so many malicious actors who spend all day trying to trick you into copying/pasting/running code like this. It will always destroy you," said Monahan.
