Someone is trying to hire security researchers in a quirky hacking campaign

Are you ready to hack and take control of Chinese websites for a random person for up to $ 100,000 a month?

Someone makes this striking, bizarre and clear schematic job offer. The person uses what looks like a series of fake avatars showing pictures of attractive women and sliding into direct messages on several cybersecurity professionals and researchers to X In the last few weeks.

“We are recruiting engineers and web error teams to penetrate Chinese websites around the world with a monthly salary of up to $ 100,000. If you are interested, you can first join our channel,” read the message that includes a link to the Telegram channel.

For some reason, I also received this message from the X account named “See My Home Page”, which had a username @jerelalyce88010, which seemed to be generated on a random basis.

When I followed the relationship, I was able to see the channel administrator, someone who goes by the name “Jack” and has been generated by AI avatar on pirate.

“Do you stop in penetration technology?” Jack asked me.

I’m not, but I asked Jack to tell me more about their purposes.

“Get webes from Chinese registered domains. There is no specific purpose. While the domain is registered in China, this is our target range,” Jack said, citing to Web shellsPrograms or scripts that hackers can use to control hacked web servers. “You need to find out CMS of China …”-Referring to content management systems, the software that manages the websites of the websites-“… Find doors and be able to get web errors in lots. There is no upper limit for its necessary number. The better is the long-term work. We can establish long-term collaboration.”

Yes, but most importantly, why?

“What I need is China’s traffic,” Jack said, may have lost patience with his questions.

Okay, but for what?

At that moment, Jack was definitely tired of my questions and gave me a task: get me three web shells in every domain registered in China, so I know you have skills. Generously, Jack offered me $ 100 for each hacked domain.

Alas, I still do not have the ability to do it, nor the desire to break the law. Instead, I continued to ask questions, including who Jack was working for. “The Indian Government,” Jack replied, although in a subsequent chat Jack contradicts this, blaming an automatic translation they said they were using because Chinese was their first language.

I talked to some of the researchers who received the strange Jack’s job offer and they were also puzzled. No one said they had received a malicious relationship, for example, or suspicious questions that would have indicated a doxing or fraud campaign.

“I suppose this is a troll (sooner) than some serious threat actor,” says S1R1U, a security researcher who received DM from one of X’s Jack Sockpuppet accounts. “If they want to hire a top talent, this is not the way.”

GrugQ, a well -known cybersecurity expert, told TechCrunch that he had never seen anything like this recruitment campaign. “I have seen (people) asking dumb questions and spam about different cybersecurity things,” he said. “But never by this man of this person.”

According to GrugQ, the goal may be to infect people in China with malware as it makes no sense to use Chinese domains to launch Ddos attacks Or spam because that would not justify high payment.

“I really can’t think of the WTF they do,” GrugQ concluded. “It doesn’t make sense.”

And no one else, obviously. Godspeed, Jack, in any adventure you are embarking on.