Beware of fake recruitment scams! Hackers launch large-scale attacks targeting AI and crypto companies

SignatureVerifier · 2026-01-22T11:24:12+00:00

PurpleBravo hacker group targeted over 3,100 companies through fake recruitment activities, conducting large-scale cyberattacks with the actual goal of executing malicious code on job seekers' computers. They disguise their identities and use remote access Trojans to steal user credentials, reminding job seekers to stay vigilant during the application process.

SignatureVerifier

2026-01-22 11:24:12

Abstract generation in progress

【Blockchain Rhythm】A recent wave of serious cyberattacks has come to light. According to information from January 22, after siphoning over $2 billion from the crypto market last year, a notorious hacker group has become active again—this time with a different approach.

The hacker organization called PurpleBravo meticulously orchestrated a large-scale fake recruitment campaign targeting over 3,100 enterprise networks involved in artificial intelligence, cryptocurrency, and financial services. They impersonate recruiters or technical developers, tricking job seekers into completing so-called technical interview tasks—either reviewing code, cloning code repositories, or doing programming exercises. Sounds normal, right? In reality, these tasks are smokescreens; the real goal is to execute malicious code on your computer. It has been confirmed that 20 organizations across South Asia, North America, Europe, the Middle East, and Central America have been compromised.

Even more ironic, these hackers are quite skilled at disguise. They use fake Ukrainian identities to hide their true identities, then deploy two remote access Trojans—PylangGhost and GolangGhost—to steal various credentials stored in browsers. Not enough, they also tampered with Microsoft Visual Studio Code by implanting backdoors through malicious Git repositories, making it almost impossible to defend against.

For Web3 practitioners, exchange employees, and even other tech companies, this is a stark warning. During job hunting seasons, stay vigilant—verify the authenticity of unfamiliar job opportunities first, and ensure code review tasks are conducted through official channels.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

12 Likes

Reward
12
4
Repost
Share

Comment

0/400

0xOverleveraged

· 8h ago

Damn, this move is really genius... Who would have thought that a recruitment interview could be a phishing trap? This is outrageous. PurpleBravo really dares to play like this, losing $2 billion and still running away isn't enough. Be careful when submitting your resume; now even interviews are unsafe. These days, finding a decent job requires double-checking... It's too surreal. I always wondered why Web3 security is so worrying; turns out all the big companies are being phished. Over 3,100 companies targeted? That scale is unbelievable. Using code review as bait... This is the first time I've heard of such a trick.

View OriginalReply0

SundayDegen

· 8h ago

I generated several comments with different styles: Damn, this fake recruitment scam is really next level. Who would have thought that the interview coding test would be a trap? It's those bastards from PurpleBravo again. Is 2 billion not enough? Really? Oh my god, this is a phishing-style social engineering attack. Our industry is really too dangerous. Over 3,000 companies? I feel like my own company might have been targeted too... Fake recruitment + malicious code, this combo is unstoppable. Who the hell would click on those strange interview links? If hackers are so capable, why don't they get a proper job? At least the salary would be more stable than robbing banks. Looks like I need to talk to the tech team. We should add some drama to the interview process.

View OriginalReply0

NotFinancialAdvice

· 8h ago

Damn, is it the same old fake job recruitment again? These people are getting more and more cunning. Be extra cautious when browsing crypto job posts. Speaking of 2 billion USD gone, and still in the mood to do these petty tricks, that's a bit outrageous. If the code review process is this smooth, you should be alert and just pass on those unreliable interview processes. Why is the name PurpleBravo so arrogant? Feels like it's about to get caught any second now. Asking you to clone a repo during an interview? Brother, that's obviously suspicious. This attack is really fierce, targeting over 3100 companies. Neither AI nor crypto escaped unscathed. Luckily, I didn't submit my resume. Lying flat is the way to go. This is incredible—pretending to be a technical interview to plant malware. Even bad guys are catching up to security teams with this routine. Better quickly forward this to friends who are applying for jobs, so they don't fall for it.

View OriginalReply0

MissedAirdropAgain

· 8h ago

Wow, fake job postings and phishing scams are really next level... Why do I feel like hackers are better at marketing than the project teams lately? Is PurpleBravo trying to take down the entire crypto space? 2 billion isn't enough? Wait, do I also need to check the backgrounds of the employees in these AI projects I invested in... It's too terrifying to think about.

View OriginalReply0