Hackers use fake crypto job offers to push info-stealing malware
A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma'.
The attacks start with an email posing as a job offer, using fake cryptocurrency interviews to lure targets.
If the victim is tricked into launching the executable, a chain of payloads is executed that eventually downloads the Enigma information-stealing malware from Telegram.
The threat actors abuse this vulnerability to disable Microsoft Defender before the malware downloads the third payload. The third stage downloads the final payload, Enigma Stealer, from a private Telegram channel. Trend Micro says Enigma Stealer is a modified version of Stealerium, an open-source information-stealing malware.
Finally, the server's default time zone is set to Moscow, another indicator that the threat actors are Russian.
It is more common to see North Korean threat actors operate campaigns promoting fake job offers targeting people working in the fin-tech industry.