Job scams are evolving fast, especially for professionals in the crypto world. A new report reveals that fake interviews are being used to spread malware called GolangGhost.
These scams target job seekers in centralized finance roles, luring them with fake offers from known crypto companies. Attackers pretend to be recruiters and reach out on platforms like LinkedIn or X.
After gaining trust, they ask candidates to complete a video interview using a malicious platform. However, the software is just a trap to infect the victim’s device.
Fake Interview Apps Deliver Malware
Researchers say this tactic, known as ClickFix, tricks users by showing a fake camera error. The fake error asks them to download a “fix” or run a script.
On Windows, the user is told to open Command Prompt and run a command that secretly downloads malware. On macOS, the user must do the same through Terminal.
These scripts launch a backdoor known as GolangGhost and a stealer tool called FROSTYFERRET. Both tools silently collect system info and browser data.
Malware Can Steal Sensitive Data
FROSTYFERRET shows a fake browser message asking for access to the camera or mic. Then, it prompts for the system password.
Even if the password is wrong, it still gets stolen. The attackers store this stolen data on a Dropbox location. This data may help them access accounts like iCloud Keychain.
The GolangGhost malware can send stolen files, receive commands, and upload browser history. It gives attackers full control of the infected device.
Scams Target Non-Technical Roles
Interestingly, this campaign doesn’t target developers. Instead, it focuses on roles like asset managers, business leads, and DeFi experts.
This shift shows how threat actors adapt their approach to catch more victims. By avoiding technical roles, they may face fewer users who recognize malware tricks.
How to Stay Protected from Fake Job Offers
To protect yourself from job scams and malware:
- Avoid downloading unknown software for interviews.
- Verify interview platforms through official company websites.
- Be cautious if asked to run system commands.
- Use antivirus tools that detect suspicious scripts.
- Enable multi-factor authentication on sensitive accounts.
Job scams are growing smarter. However, staying cautious and verifying every step can stop attackers in their tracks.
Sleep well, we got you covered.
