Fake Job Offers Used to Deliver Malware
A new cyber campaign is tricking crypto developers into downloading malware through fake job offers. According to Cisco Talos, the group behind this is the North Korea-linked hacker collective Famous Chollima.
The attackers impersonate major crypto companies like Coinbase and Uniswap. Victims are invited to apply for remote jobs and asked to record a short video. In doing so, they unknowingly download malware onto their systems.
This malicious file acts as a remote access tool, giving attackers full control over the device. Their goal is to steal personal and professional data. They later use this stolen identity to apply for real jobs at crypto firms.
Real Jobs, Real Risk: Infiltrating Financial Firms
The ultimate aim isn’t just identity theft—it’s financial infiltration. Once hired under a stolen identity, attackers may gain access to internal systems, funds, or sensitive data.
Cisco’s Henrik Bergqvist warns that this could lead to insider fraud or theft of digital assets. So far, most victims are from India and the U.S., but fake job ads have also appeared in Sweden.
Job seekers and companies alike should stay alert. Always verify domains, avoid downloading unknown software, and insist on verified video interviews or face-to-face meetings. A lack of transparency is a major red flag.
