Are you willing to hack and take control of Chinese websites for random people for up to $100,000 a month?
Someone is making exactly that appetizing, strange, and clearly sketchy job offer. The person uses what appears to be a series of fake accounts whose avatars display pictures of attractive women, and has been slipping into the direct messages of some cybersecurity experts and researchers on X over the past few weeks.
“We are recruiting WebShell engineers and teams to penetrate Chinese websites around the world with a monthly salary of up to $100,000. If you're interested, you can join the channel first.”
For some reason, I received this message from an X account named “See my homepage,” with the handle @jerellayce88010, which appeared to be randomly generated.
When I followed the link, I was able to see the channel administrator, a person named “Jack” who had an avatar generated by the pirate AI.
“Are you proficient in penetration techniques?” Jack asked me.
I'm not, but I asked Jack to tell me more about their goals.
“Get a webshell from a registered domain in China. There is no specific target. As long as the domain is registered in China, that's our target range,” Jack said, referring to a web shell, a program or script that hackers can use to control hacked web servers. “You need to understand Chinese CMS…” That is a reference to content management systems, the software that runs the backend of a website.
Yes, but crucially, why?
“All I need is Chinese transportation,” Jack said, probably losing patience with my questions.
I understand, but for what?
At this point, Jack was definitely tired of my questions and gave me a challenge: get 3 web shells in domains registered in China. Jack would give me $100 for each domain I hacked.
Alas, I still have neither the skills to do it nor the willingness to break the law. Instead, I continued asking questions, such as who Jack was working for. “The Indian government,” Jack replied, but in a subsequent chat, Jack contradicted that and blamed the automatic translation.
I spoke to some of the researchers who got Jack's strange job offers, and they were confused too. For example, none of them said they received malicious links or suspicious questions that pointed to some sort of doxing or fraud campaign.
“I think it's a troll [rather] more than some serious threat actors,” said S1R1US, a security researcher who received a DM from one of Jack's sock puppet accounts on X.
Grugq, a well-known cybersecurity expert, told TechCrunch he had never seen anything like this recruitment campaign. “I have seen [people] ask stupid questions and spam various cybersecurity-related things,” he said.
According to Grugq, the goal is probably to infect people in China with malware, as it makes no sense to use Chinese domains to launch DDoS attacks and spam.
“I really can't think of the WTF they're doing,” concluded Grugq. “That doesn't make sense.”
Apparently, nobody else can make sense of it either. Godspeed, Jack, on whatever adventure you are on.