Searching Fireblocks Crypto Jobs on LinkedIn? Beware Of Fake Recruiter

Fireblocks Crypto Jobs Scam on LinkedIn Exposed: Fake Interviews Alert

Highlights

• Fake Fireblocks crypto jobs hiring used LinkedIn to focus on developers using realistic job interviews.

• The malware was run on the basis of GitHub-coded assignments that were introduced as job applications.

• This crypto job scam happened due to Contagious Interview pattern of attack, the notorious Lazarus Group.

What's The News: Fireblocks Fake Job-Interview Scam.

A leading digital asset custody and security firm, has uncovered and prevented a sophisticated impersonation fraud in the hiring process where attackers impersonate Fireblocks recruiters to target developers and technical experts.

The fraud involved the bogus job interviews through LinkedIn and GoogleMeet, and subsequently, malicious coding assignments on GitHub. The victims were misled into installing malware in their personal computers by believing that they were performing a legitimate recruitment exercise.

The company confirmed that the operation resembles the so-called Contagious Interview campaign, which is a well-documented pattern of attack linked to the Lazarus Group that has been active since 2023.

Source: Official X

How did Fake Fireblocks Recruiters Target Victims?

The attackers approached the candidates through LinkedIn with the assistance of the persuasive profiles of recruiters in most instances, stating that they were HR managers, technical recruiters, or hiring executives of Fireblocks. They were professional picture profiles, realistic work history, and decent network profiles.

Once the contact was established, the candidates were given well-crafted PDF files and links to detailed Figma boards that described a fictional project, commonly referred to as the Poker Platform. The materials were credible as the content waerror-freeee and aligned with branding.

A Real Interview - or a Carefully Planned Trap?

The attackers also held live video interviews using Google Meet, as it is customary in hiring to build more trust. The experience, compensation, and expectations were discussed,d and the final evaluation of the interviewer was called a coding assessment.

The call, when shared, was normally interrupted abruptly, which is a small yet common sign of a red flag in such campaigns.

How Malware is Delivered through GitHub?

The respondents were requested to clone a GitHub repository and run typical setup scripts such as npm install. These are the activities that are normal in the normal developer processes, yet they resulted in the execution of malware covertly.

The company revealed that the campaign used EtherHiding, a method that utilizes blockchain smart contracts to store and retrieve command-and-control infrastructure. This increased the malware such that it was more resistant to takedowns and tracking.

When implemented, the malware would steal:

• Crypto wallets' credentials and private keys.

• Authentication tokens and passwords.

• Company development conditions.

Why Is This a Contagious Interview Attack?

This type of arrangement, equipment, and implementation of this type of fraud resembles the Contagious Interview attack model that is a form of social engineering and attributed to the Lazarus Group. Remote hiring processes are an especially exploited area by this campaign, where running untested code is the order of the day.

The same strategies have been utilized in past attacks on the crypto sector with financial gain and espionage as reported by MITRE ATT&CK and SentinelOne.

What did Fireblocks do to stop the Scam?

The investigation was initiated after some cryptocurrency job seekers went to the company to inquire about a project that was not in existence. The security team was also capable of identifying the impersonation network as fast as possible and collaborating with LinkedIn and GitHub to remove counterfeit accounts and malicious repositories.

To prevent further damage, the company also communicated with intelligence partners, law enforcement, and internal threat hunting.

How Can Job Seekers Stay Safe?

Before searching for Fireblocks crypto jobs, remember that it also emphasizes that it only advertises all legitimate vacancies on the official careers page. The verified recruiters use the company email addresses and verified LinkedIn profiles. It is recommended that candidates not run over Fireblocks crypto jobs salary, and code given in interviews without verification.

Conclusion

The Fireblocks fake recruiter scam demonstrates how criminals take advantage of the trust in the recruitment procedures. Remote recruitment is on the way, and developers must never run untrusted code when attending a job interview.

Disclaimer: This is not investment advice. Do your own research before investing. CoinGabbar has no liability in financial terms. Cryptocurrencies are extremely unstable, and you may lose all your money.