A major new scam operation has been discovered by security researchers, targeting job seekers and tricking them into parting with their cryptocurrency. Known as “WebWyrm,” this operation has already affected over 100,000 individuals across 50 countries. By impersonating more than 1,000 companies in various industries, the scammers have potentially earned over $100 million.
WebWyrm primarily approaches its victims through WhatsApp, using data from recruitment portals to target individuals most likely to respond. The scammers promise a weekly salary between $1,200 and $1,500 and ask victims to complete 2-3 “packets” or “resets” per day, each containing 40 tasks.
After depositing funds into a cryptocurrency wallet such as KuCoin or Shakepay, victims are informed that the platform will deduct money from their account for each completed task and then return it along with a commission. However, the scammers also introduce “combo tasks” that supposedly offer significant earnings. To participate in these tasks, victims are required to deposit more money than the initial $100 in USDT that the scammers provide.
The catch is that users cannot withdraw their returns until they have completed a series of combo tasks in a row, with each subsequent task requiring double the amount of the previous investment. This creates a recurring loop in which victims continually invest larger sums in an attempt to access their returns, eventually depleting their bank accounts.
If victims attempt to contact the scammers or the platform developers, they are intimidated into completing the assigned tasks or risk having their accounts frozen. Eventually, their accounts are indeed frozen, leaving them with substantial financial losses.
The WebWyrm operation is highly sophisticated, employing dedicated contacts who interact with victims on WhatsApp and other platforms. It also features approximately 6,000 fake websites where victims are instructed to register their accounts. These websites mimic legitimate companies and utilize geo-targeting tactics, using WhatsApp numbers with country codes relevant to the victims’ locations.
To evade detection, the scammers frequently change their infrastructure by hosting fake domains on different IP addresses or Autonomous System Numbers (ASNs) for an average of 2-4 months. This adaptive tactic ensures their anonymity and operational continuity while disrupting attempts to trace and shut down their operation.
The security firm CloudSEK, which discovered WebWyrm, has shared its research findings with global law enforcement agencies to aid in the investigation and prevention of this scam network. As the threat of such sophisticated scams continues to grow, it is crucial for individuals to remain vigilant and skeptical of enticing offers that appear too good to be true.