Hackers use fake crypto job offers to push info-stealing malware (Security News, February 2023)
A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma'.
The attacks start with an email posing as a job offer, using fake cryptocurrency interviews to lure the targets.
If the victim is tricked into launching the executable, a chain of payloads is executed that eventually downloads the Enigma information-stealing malware from Telegram.
The threat actors abuse this vulnerability to disable Microsoft Defender before the malware downloads the third payload. The third stage downloads the final payload, Enigma Stealer, from a private Telegram channel; Trend Micro says it is a modified version of Stealerium, an open-source information-stealing malware.
Finally, the server's default time zone is set to Moscow, another indicator that the threat actors are Russian.
It is more common to see North Korean threat actors operate campaigns promoting fake job offers targeting people working in the fin-tech industry.