Cryptocurrency scammers use fake job interviews to enable backdoor malware attacks

A sophisticated attack targets web3 professionals, tricking them into running malicious code on their systems during fake interviews as part of a lucrative offer from cryptocurrency scammers posing as recruiters.

On December 28, serial detective Taylor Monahan flagged a new scheme being exploited by bad actors who claim to be recruiting for prominent cryptocurrency companies and engage targets with lucrative job offers on platforms like LinkedIn, freelancing platforms, Telegram, etc.

Once the victim is interested, they are redirected to a video interview platform dubbed “Willo | Video interviews,” which is not harmful in and of itself but is designed to make the entire scheme appear convincing to victims.

As part of the process, victims are initially asked standard industry-related questions, such as their views on important cryptocurrency trends over the next 12 months. These questions help build trust and make the interaction seem legitimate.

But the real attack unfolds during the final question, which requires being recorded on video. When trying to set up a video recording process, victims encounter a technical problem with the microphone or camera.

This is when the real attack begins, where the website offers malicious troubleshooting steps disguised as a solution to the problem.

According to Monahan, if a user follows the steps, which in some cases include executing system-level commands depending on their operating systems, they are giving attackers backdoor access to their device.

A troubleshooting guide provided to victims to fix a supposed technical glitch | Source: Taylor Monahan on X

“It allows them to do anything on your device. It's not really a general-purpose theft tool, it's a general-purpose access tool. Eventually they'll come back to you via whatever means required,” Monahan wrote.

This access potentially allows malicious actors to bypass security measures, install malware, monitor activity, steal sensitive data, or drain cryptocurrency wallets without the victim's knowledge, based on typical results observed in similar attacks.

Monahan advised cryptocurrency users to avoid running unfamiliar code and recommended that those who may have been exposed to such attacks completely wipe their devices to prevent further compromises.

The attack departs from the usual tactics seen in similar recruitment scams. For example, cybersecurity company Cado Security Labs earlier this month uncovered a scheme involving a fake meeting app that injects malware, enabling attackers to drain cryptocurrency wallets and steal credentials stored in the browser.

Likewise, last year, crypto.news reported an incident in which fraudulent recruiters targeted blockchain developers on Upwork, asking them to download and patch malicious npm packages hosted on a GitHub repository. Once executed, these packages deploy scripts that give attackers remote access to victims' devices.


