Are you prepared to hack and take management of Chinese language web sites for a random particular person for as much as $100,000 a month?
Somebody is making exactly that tantalizing, weird, and clearly sketchy job supply. The particular person is utilizing what seems like a collection of pretend accounts with avatars displaying images of enticing girls and sliding into the direct messages of a number of cybersecurity professionals and researchers on X within the final couple of weeks.
“We’re recruiting webshell engineers and groups to penetrate Chinese language web sites worldwide, with a month-to-month wage of as much as $100,000. In case you are , you’ll be able to be part of our channel first,” learn the message, which included a hyperlink to a Telegram channel.
For some purpose, I additionally obtained this message from an X account named “Take a look at my homepage,” which had a username, @JerelLayce88010, that regarded prefer it was randomly generated.
Once I adopted the hyperlink, I used to be in a position to see the admin of the channel, somebody who goes by the identify “Jack” and has an AI-generated avatar of a pirate.
“Are you proficient in penetration expertise?” Jack requested me.
I’m not, however I requested Jack to inform me extra about their targets.
“Get webshells from Chinese language registered domains. There isn’t a particular goal. So long as the area is registered in China, it’s our goal vary,” stated Jack, referring to internet shells, packages or scripts that hackers can use to regulate hacked internet servers. “You’ll want to perceive China’s CMS” — referring to content material administration techniques, the software program that runs the backends of internet sites — “discover loopholes, and be capable of receive webshells in batches. There isn’t a higher restrict to the quantity we’d like. The extra the higher. It is a long-term job. We will set up long-term cooperation.”
Sure, however crucially, why?
“What I would like is China’s visitors,” Jack stated, maybe shedding persistence with my questions.
OK, however for what?
At this level, Jack undoubtedly received bored with my questions and gave me an task: Get me three internet shells on any area registered in China so I do know you will have the talents. Generously, Jack provided me $100 for every hacked area.
Alas, I nonetheless don’t have the talents to do this, nor the willingness to interrupt the legislation. As a substitute I stored asking questions, together with who Jack was working for. “Indian authorities,” Jack responded, though in a subsequent chat Jack contradicted that, blaming computerized translation, which they stated they had been utilizing as a result of Chinese language is their first language.
I spoke to a number of the researchers who received Jack’s unusual job supply, they usually had been additionally puzzled. No person stated they’ve gotten a malicious hyperlink, for instance, or suspicious questions that may point out some kind of doxing or rip-off marketing campaign.
“I’m guessing it’s a troll [rather] than some severe menace actor,” stated s1r1us, a security researcher who obtained a DM from certainly one of Jack’s sockpuppet accounts on X. “In the event that they wish to rent prime expertise this isn’t undoubtedly the way in which.”
The Grugq, a well known cybersecurity skilled, instructed information.killnetswitch that he has by no means seen something like this recruiting marketing campaign. “I’ve seen [people] asking dumb questions and spamming for varied cybersecurity-related issues,” he stated. “However by no means something just like the persistent, widespread, weird s— from this man.”
In line with The Grugq, maybe the objective is to contaminate individuals inside China with malware, because it doesn’t make sense to make use of Chinese language domains to launch DDoS assaults or spam, as a result of that wouldn’t justify the excessive cost.
“I actually can’t consider wtf they’re doing,” The Grugq concluded. “It is unnecessary.”
And neither can anybody else, apparently. Godspeed, Jack, in no matter journey you’re embarking on.
