Trend Micro recently discovered an active campaign that uses a fake employment pretext to steal information from applicants. The ads are crafted to target Eastern Europeans working in the cryptocurrency industry. An executable disguised as a Word document is sent to the job applicants as part of the interview process. When run, the program downloads the Enigma information-stealing malware from Telegram. The malware targets system information, tokens, and passwords stored in web browsers, along with data stored in Microsoft Outlook and other apps. It also captures screenshots from the compromised system, extracts clipboard content, and sends all that data back to the threat actor via Telegram.

This segment was created for the It’s 5:05 podcast