Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month?
Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the direct messages of several cybersecurity professionals and researchers on X in the last couple of weeks.
“We are recruiting webshell engineers and teams to penetrate Chinese websites worldwide, with a monthly salary of up to $100,000. If you are interested, you can join our channel first,” read the message, which included a link to a Telegram channel.
For some reason, I also received this message from an X account named “Look at my homepage,” which had a username, @JerelLayce88010, that looked like it was randomly generated.
When I followed the link, I was able to see the admin of the channel, someone who goes by the name “Jack” and has an AI-generated avatar of a pirate.
“Are you proficient in penetration technology?” Jack asked me.
I am not, but I asked Jack to tell me more about their goals.
“Get webshells from Chinese registered domains. There is no specific target. As long as the domain is registered in China, it is our target range,” said Jack, referring to web shells, programs or scripts that hackers can use to control hacked web servers. “You need to understand China’s CMS” — referring to content management systems, the software that runs the backends of websites — “find loopholes, and be able to obtain webshells in batches. There is no upper limit to the number we need. The more the better. This is a long-term job. We can establish long-term cooperation.”
Yes, but crucially, why?
“What I need is China’s traffic,” Jack said, perhaps losing patience with my questions.
OK, but for what?
At this point, Jack definitely got tired of my questions and gave me an assignment: Get me three web shells on any domain registered in China so I know you have the skills. Generously, Jack offered me $100 for each hacked domain.
Alas, I still don’t have the skills to do that, nor the willingness to break the law. Instead I kept asking questions, including who Jack was working for. “Indian government,” Jack responded, although in a subsequent chat Jack contradicted that, blaming automatic translation, which they said they were using because Chinese is their first language.
I spoke to some of the researchers who got Jack’s strange job offer, and they were also puzzled. Nobody said they have gotten a malicious link, for example, or suspicious questions that would indicate some sort of doxing or scam campaign.
“I am guessing it’s a troll [rather] than some serious threat actor,” said s1r1us, a security researcher who received a DM from one of Jack’s sockpuppet accounts on X. “If they want to hire top talent this is not definitely the way.”
The Grugq, a well-known cybersecurity expert, told TechCrunch that he has never seen anything like this recruiting campaign. “I have seen [people] asking dumb questions and spamming for various cybersecurity-related things,” he said. “But never anything like the persistent, widespread, bizarre s— from this guy.”
According to The Grugq, perhaps the goal is to infect people inside China with malware, as it doesn’t make sense to use Chinese domains to launch DDoS attacks or spam, because that wouldn’t justify the high payment.
“I really can’t think of wtf they’re doing,” The Grugq concluded. “It makes no sense.”
And neither can anyone else, apparently. Godspeed, Jack, in whatever adventure you are embarking on.