Russian hackers are targeting Eastern Europeans with fake crypto job offers, according to a new report.
The threat actors are using malware named Enigma.
Enigma is an info stealer based on Stealerium. The latter is an older stealer malware that enables hackers to track keystrokes and steal money from their targets.
- The infection chain initiates with a phishing message that is usually sent from social media.
- The message contains infected files that convince the target they are being invited for a job interview and are being helped with the preparation for this interview.
- This malware, written in C++, uses API hashing to avoid being detected.
- Enigma is deployed via the popular communication app Telegram.
