Crypto hackers use fake job postings to attack users

Date: 2025-02-19 Author: Henry Casey Categories: BUSINESS
A Moonlock Lab study has shown that hackers are using a simple but effective backdoor program. Unlike complex malware that relies on obfuscation, this malware is distributed as source code along with a Go executable, which lets it run across different operating systems. Particularly dangerous is a function that allows it to intercept the permissions of the MetaMask browser extension in Chrome, which can lead to the complete loss of funds from the crypto wallet.

Unlike traditional hacking methods, in which attackers withdraw funds immediately, the new scheme involves a long-term hidden presence of malware on the victim's device. The program first gains access to the computer's credentials and then lets the hackers control the system remotely, extracting additional files and confidential data. This distinguishes the attack from regular "stealers", which collect information from a predefined list once.

To minimize the risk of detection, the malware affects only one cryptocurrency extension and leaves other processes alone. However, after gaining remote access, attackers can manually search for other cryptocurrency services and financial data on the device.

Moonlock Lab specialists note that the malware is compatible with most operating systems, including Windows, Linux, and macOS, and supports both Intel and ARM architectures.

Earlier, Kenyan law enforcement officials reported that the official account of the Directorate of Criminal Investigations (DCI) on the X social network was hacked. Hackers used it to promote the fake $DCI token.