Cryptocurrency thieves exploit microphone vulnerabilities for unauthorized asset acquisition

Cryptocurrency job seekers are being targeted by a new cybercrime tactic designed to steal their assets, as disclosed by MetaMask developer Taylor Monahan.

Criminals Gain Access to Digital Currencies through Covert Microphone Exploitation

A new cybercrime scheme, unveiled by Taylor Monahan, a developer at MetaMask, is targeting job seekers in the cryptocurrency industry. This scheme involves scammers setting up fake trading or investment sites to deceive victims into transferring their cryptocurrency funds.

In one reported case, a victim was tricked into sending $250,000 worth of cryptocurrency to a fraudulent trading site called NTU Capital. Instead of using known mixers like Tornado Cash or exchanges like Coinbase, the scammer laundered the money by swapping Bitcoin for Ethereum via an instant-exchange service and then moving Ethereum among self-controlled wallets to conceal the trail.

Taylor Monahan's analysis has shown that the stolen funds never interacted with Tornado Cash or mainstream exchanges, contradicting claims made by some authorities and recovery firms. This scheme preys upon victims who are job seekers or investors lured by fake cryptocurrency job or trading opportunities, leading them to transfer their digital assets to scammers' controlled wallets under false pretenses.

The scheme is active on various platforms such as LinkedIn, Discord, Telegram, and freelance websites. Scammers pose as recruiters from reputable companies like Kraken, MEXC, Gemini, and Meta, and the process often begins with an interview via the Willo platform. During the interview, candidates are asked questions about the cryptocurrency market and tasked with developing a business expansion strategy.

In the final stage, candidates are asked to record a video response. A pop-up window then requests access to the user's microphone and camera. Following this, the platform simulates a hardware error, prompting users to update drivers or restart their browser. The actions the user takes after the pop-up request on the Willo platform install a backdoor on the device, giving the hackers access to the device and the victim's cryptocurrency assets.

The attack on the Japanese cryptocurrency exchange DMM Bitcoin, which resulted in $308 million in losses, was orchestrated by North Korean state-backed hackers known as TraderTraitor. While the exact number of victims and the total financial damage from this new attack are not disclosed by Taylor Monahan, it underscores the importance of vigilance and caution when dealing with job opportunities and investment offers in the cryptocurrency sector.

  1. The new cybercrime scheme, as uncovered by Taylor Monahan, not only targets job seekers in the cryptocurrency industry but also deceives investors, luring them into transferring their digital assets to scammers' controlled wallets under false pretexts, often with the pretense of investment or trading opportunities in Bitcoin or other technologies.
  2. Despite claims made by some authorities and recovery firms, Taylor Monahan's analysis indicates that the stolen funds in this scheme never interacted with known finance platforms like Tornado Cash or mainstream exchanges like Coinbase, emphasizing the need for consumers and investors to prioritize cybersecurity measures when dealing in cryptocurrency finance.
