"Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers"

Security researchers at CloudSEK have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency by getting them to complete meaningless tasks they believe will earn them money.  The researchers have dubbed the operation "WebWyrm," it has already targeted more than 100,000 individuals across over 50 countries by impersonating over 1000 companies across 10 industries.  The researchers noted that it has already potentially netted the scammers over $100m.  The researchers stated that the scammers approach victims primarily on WhatsApp, potentially using data from recruitment portals to target their schemes to those most likely to respond.  Promising a weekly salary of $1200-1500, they request the victim to complete 2-3 "packets" or "resets" per day, with each containing 40 tasks.  The researchers noted that after depositing funds into a cryptocurrency wallet like KuCoin or Shakepay, the victim is told that once a task is performed, the platform will take the money out of their account and put it back in along with commission.  They are then told that "combo tasks" could earn them a huge sum of money but that it requires more money than the $100 in USDT deposited in their account by the scammers on starting the scheme.  The researchers note that the catch is that a user can't withdraw their returns until all combo tasks in a row have been completed, with each new task requiring twice the amount invested the previous time.  Once the victim encounters a combo task, they are stuck in a recurring loop of WebWyrm.  The researchers stated that in an attempt to complete the tasks and access their returns, the victim deposits twice the original amount for each successive task.  However, these relentless combo tasks persist even as the victim exhausts their bank account.  On contacting the referral person or the platform developers, they start intimidating them by asking them to finish the assigned tasks of the day, or the account would be frozen.  Eventually, their accounts are frozen.  The researchers stated that the operation is particularly sophisticated, featuring dedicated contacts who interact with victims on WhatsApp and other platforms and approximately 6000 fake websites where they are told to register their accounts.  These sites spoof legitimate companies in a highly geo-targeted way, with associated WhatsApp numbers featuring country codes relevant to the victim's location.  The researchers noted that the scammers exploit the transient nature of their scheme, hosting fake domains on an IP address or Autonomous System Number (ASN) for an average of 2-4 months.  When abuse reports arise, scammers swiftly transition to new infrastructure, preserving the integrity of their operation.

Infosecurity reports: "Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers"