Hackers use fake crypto job offers to push info-stealing malware

A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma.'
The attacks start with an email posing as a job offer, with fake cryptocurrency interviews used to lure the targets.
If the victim is tricked into launching the executable, a chain of payloads is executed that eventually downloads the Enigma information-stealing malware from Telegram.
The threat actors abuse this vulnerability to disable Microsoft Defender before the malware downloads the third payload. The third stage downloads the final payload, Enigma Stealer, from a private Telegram channel. Trend Micro says Enigma Stealer is a modified version of Stealerium, an open-source information-stealing malware.
Finally, the server's default time zone is set to Moscow, another indicator that the threat actors are Russian.
It is more common to see North Korean threat actors operate campaigns promoting fake job offers targeting people working in the fin-tech industry.