Job seekers are lured by postings that mimic big names like Coinbase, Robinhood and Uniswap. Recruiters reach out through LinkedIn or email. They invite candidates to a “skill‑testing” site. It feels harmless at first. Behind the scenes, the site is collecting system details and browser info.
The trojan then opens a back door for remote control. It can take screenshots, manage files, steal browser data and keep a hidden presence on the system.
North Korean hackers used a fake recruitment test in April before the $1.4 billion Bybit heist. And they’ve tried similar tricks with infected PDFs and malicious links.
Security teams are on alert. They recommend checking every URL for spelling mistakes and odd domains. Experts say to verify job offers through trusted channels.
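The URL check recommended above can be partly automated. The following is an added example, not code from the article or from any of the companies named; the allowlist of official domains is an assumption to confirm yourself, and the sample URLs in the comments and tests are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist (brand -> official domain); confirm each entry yourself.
OFFICIAL = {
    "coinbase": "coinbase.com",
    "robinhood": "robinhood.com",
    "uniswap": "uniswap.org",
}
# Digit-for-letter swaps often seen in lookalike hostnames.
SWAPS = str.maketrans("01357", "olest")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return (verdict, brand): 'official', 'lookalike' or 'unknown'."""
    # urlsplit only finds the host when a scheme or leading // is present.
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    # Official only if the host IS the domain or a true subdomain of it.
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return "official", brand
    # Break labels on hyphens too, so "coinbase-careers" yields "coinbase".
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for brand in OFFICIAL:
        for tok in tokens:
            plain = tok.translate(SWAPS)
            # A brand name inside a foreign host, or a near-miss spelling.
            if brand in plain or edit_distance(plain, brand) <= 2:
                return "lookalike", brand
    return "unknown", None


if __name__ == "__main__":
    for u in ["https://www.coinbase.com/careers",          # constructed samples
              "https://c0inbase-careers.example/test",
              "uniswap.org.skill-check.example"]:
        print(u, "->", classify_url(u))
```

An "unknown" verdict only means the host is not on the allowlist; it is not a sign the link is safe.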
Endpoint detection tools should flag any script that calls remote servers. And multi‑factor authentication can block stolen passwords from giving full access.
This alert shows how far state‑linked actors will go to steal crypto assets. The mix of social engineering and custom malware is a potent risk. Anyone hunting for work in blockchain should double‑check every link and never run unverified code.
Keeping hardware wallets offline and using separate profiles for job hunting can cut down on exposure. Vigilance in the hiring process and solid technical controls remain the best defense against these evolving threats.