Cybersecurity researchers have issued a fresh warning about a new wave of malware attacks targeting cryptocurrency users through deceptive job advertisements. The malware, which is being distributed across professional networking platforms, messaging apps, and targeted email campaigns, disguises itself as a legitimate job posting document but is engineered to compromise more than 50 browser-based crypto wallets once installed.
According to security analysts, attackers are exploiting the growing interest in remote work and freelance opportunities to lure victims into downloading what appears to be a PDF or document containing job details. Instead, the file triggers a multi-stage infection process that deploys a stealthy info-stealer. Once active, the malware scans the user’s browser environment, extracts stored wallet credentials, and intercepts autofill data linked to popular crypto extensions such as MetaMask, Rabby, Phantom, and other Web3 wallets.
Researchers note that the malware’s ability to target so many wallet types simultaneously makes it one of the most concerning threats seen in recent months. Beyond crypto wallets, it can also gather browser cookies, saved passwords, and session tokens—giving attackers deeper access to victims’ digital accounts. Its design suggests that financially motivated cybercriminal groups may be behind the campaign, particularly those previously linked to crypto-theft operations.
The attack also leverages convincing social-engineering tactics. Many of the fake job ads mimic real postings from well-known tech firms, using stolen branding materials to appear authentic. Some victims reportedly received personalized messages from accounts posing as recruiters.
Cybersecurity experts advise users to avoid downloading unsolicited job files, verify opportunities directly through official company websites, and keep browser extensions updated. They also warn crypto users to rely on hardware wallets or use stricter security settings when storing digital assets.
As adoption of Web3 tools grows globally, researchers expect similar malware campaigns to continue evolving, making user vigilance more critical than ever.
Leave a Reply