Are you prepared to hack Chinese language web sites and take management for random folks for as much as $100,000 a month?
Somebody is making that appetizing, unusual, and clearly sketchy job supply precisely. The individual makes use of what seems to be a collection of faux accounts with avatars that present footage of enticing ladies and slip into direct messages of Some Cybersecurity Experts and Researcher Above x Over the previous few weeks.
“We’re recruiting WebShell engineers and groups to penetrate Chinese language web sites all over the world with a month-to-month wage of as much as $100,000. In the event you’re , you may be a part of the channel first.”
For some motive I acquired this message from an X account named “See my homepage”. This had @jerellayce88010, which gave the impression to be randomly generated.
Once I adopted the hyperlink, I used to be in a position to see the channel administrator, the one that had an avatar generated by the pirate AI, named “Jack.”
“Are you proficient in penetration methods?” Jack requested me.
I am not, however I requested Jack to inform them extra about their objectives.
“Get a webshell from a registered area in China. There are not any particular targets. So long as the area is registered in China, that is our goal vary,” Jack mentioned. Webshella program or script that hackers can use to manage a hacked net server. “You should perceive Chinese language CMS…” – See the content material administration system, the software program that runs the backend of your web site.
Sure, however crucially, why?
“All I want is Chinese language transportation,” Jack mentioned. I most likely misplaced endurance with my questions.
I perceive, however for what?
At this level, Jack was positively uninterested in my questions and gave me the problem. Get 3 net shells in a site registered in China. Jack gave me $100 for every area I used to be hacked.
Alas, I nonetheless haven’t any abilities to do it or the willingness to interrupt the regulation. As a substitute, I continued asking questions equivalent to who Jack was working for. “The Indian authorities,” replied, however in a subsequent chat, Jack contradicted that and condemned the automated translation.
I spoke to a few of the researchers who received Jack’s unusual job presents, they usually had been confused too. For instance, they did not say they acquired malicious hyperlinks or suspicious questions that pointed to some type of doxing or fraudulent marketing campaign.
“I believe it is a troll [rather] S1R1US, a safety researcher who acquired a DM from considered one of Jack’s Sock Puppet accounts in X, mentioned “greater than some critical risk actors.”
Grugq, a widely known cybersecurity professional, informed TechCrunch he had by no means seen something like this recruitment marketing campaign. “I’ve seen [people] Ask silly questions and spam varied cybersecurity-related issues,” he mentioned.
In accordance with Grugq, the purpose might be to contaminate folks in China with malware, because it is mindless to make use of Chinese language domains to launch DDOS assaults and spam.
“I actually cannot consider the WTF they’re doing,” concluded Grugq. “That does not make sense.”
Apparently, no different folks can do it both. God Pace, Jack, no matter journey you might be on.
