Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Reduce Alert Fatigue to Improve SOC Efficiency and Cut Business Costs
July 1, 2026
Home/Threats/Web3 Developer Environments Targeted by Social Engineering Campaign Leveraging Fake Interview Software
Threats

Web3 Developer Environments Targeted by Social Engineering Campaign Leveraging Fake Interview Software

A significant shift is underway in how threat actors operate across the cybersecurity landscape. Attackers are increasingly moving beyond traditional hunting methods like widespread phishing emails...

Jennifer sherman
Jennifer sherman
January 12, 2026 2 Min Read
56 0

A significant shift is underway in how threat actors operate across the cybersecurity landscape. Attackers are increasingly moving beyond traditional hunting methods like widespread phishing emails and generic cold outreach.

Instead, they are now creating sophisticated traps designed to make high-value targets walk directly into their schemes.

This new approach, called “inbound” social engineering, is currently focusing on Web3 and cryptocurrency sectors with significant success rates.

The attack strategy relies on a simple but effective psychological approach. Attackers create convincing fake companies or copy legitimate Web3 firms, then post job openings for attractive positions through websites like youbuidl.dev.

This method lowers the victim’s defenses because job seekers believe they are the ones initiating contact.

They do not expect danger from an opportunity they are pursuing. The real target here is the person behind the screen, who likely has personal cryptocurrency wallets installed on their computer.

Many victims even apply for these fake jobs using their corporate laptops, giving attackers a direct path into major financial institutions.

Aris Haryanto identified and documented this emerging threat after discovering the technical mechanics of how the malware operates within these recruitment campaigns.

His analysis revealed that the attack follows a standard corporate interview workflow to maintain legitimacy throughout the process.

The execution begins when candidates receive a professional-looking interview invitation from fraudulent domains like collaborex.ai. During the video interview stage, victims are asked to download what appears to be a legitimate meeting application.

The malicious file, named collaborex_setup.msi, is downloaded and executed on the victim’s system. Once launched, the installer quietly initiates a Command and Control connection to the attacker’s server at IP address 179.43.159.106 in the background.

Command and Control Communication and Data Exfiltration

The malware’s connection to the C2 server marks the beginning of complete system compromise. When the collaborex_setup.msi file runs, it establishes a hidden communication channel with the attacker’s infrastructure.

This connection allows the threat actors to remotely control the infected computer without the user’s knowledge.

The attackers can then extract sensitive information such as private cryptocurrency keys, wallet credentials, and corporate data.

For developers working at crypto exchanges or DeFi protocols, this access means direct theft of institutional funds and intellectual property.

The malware runs silently in the background, making it extremely difficult for standard antivirus solutions to detect the malicious activity.

The threat actors can maintain persistent access to the system indefinitely, continuously monitoring and stealing data as needed.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecurityMalwarephishingSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Top 10 Best Network Security Solutions for IT Managers – 2026

Next Post

Critical Apache Struts 2 Vulnerability Allow Attackers to Steal Sensitive Data

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Critical Buffa Rust Library 0-Day DoS Vulnerability in Anthropic
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us