Graphalgo fake recruiter-test campaign respawned
Contents
Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialIn February, the ReversingLabs research team described a malicious campaign featuring fake job interviews that the team called “graphalgo.” Two months later, RL researchers detected a larger set of fake companies that are part of the same graphalgo campaign — yet more sophisticated.
These organizations link to several GitHub organizations related to blockchain companies that have been active on GitHub since June 2025. Their purpose is to provide trustworthiness to fake job offerings, and to host fake job interview tasks.
RL researchers also identified several new techniques being used by threat actors. Here’s what we found.
As explained in them team's original blog post on graphalgo, the whole campaign can be split into several independent activities conducted by the threat actor. This modularity makes it easier for the threat actor to keep the campaign active even …
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialIn February, the ReversingLabs research team described a malicious campaign featuring fake job interviews that the team called “graphalgo.” Two months later, RL researchers detected a larger set of fake companies that are part of the same graphalgo campaign — yet more sophisticated.
These organizations link to several GitHub organizations related to blockchain companies that have been active on GitHub since June 2025. Their purpose is to provide trustworthiness to fake job offerings, and to host fake job interview tasks.
RL researchers also identified several new techniques being used by threat actors. Here’s what we found.
As explained in them team's original blog post on graphalgo, the whole campaign can be split into several independent activities conducted by the threat actor. This modularity makes it easier for the threat actor to keep the campaign active even …
IoC
http://veltrixcap.org
http://huvaret.art
http://www.veltrixcap.org
6EFB29CEe3b414272EB7A8F3Ebabf873D36bC033
7526acdcf0b22f9b8f790cf069e5dd16cc414b0e
d531769223f468f93e42e19dea74cb16443ba0b8
f6c574baf05234284966abba25377eee589bba6a
7526aCdCF0B22f9B8F790CF069E5dD16CC414B0e
65de94d3eb0524fc17df5fdec8c20afada2d0119
ebb4630024764bdf5e5c1013166cc461d3df7550
cb7ac56cf1c3c1aac9fe4c86a9a323be0698de6c
173bb313e6e29525fd6b04407c1c6e8a4a29c7a0
f1487451933a05a680e71dde7a2b11560d2d33a7
87BF60FB6657d5E5CD425E36FF18aa7Bb5a8FcF4
7a35c8b0e1182b1fd12a8acb49cfeaeb22eae1d6
c7692a6816cc0eb61216358ff0367d7469125192
7af1065e7e6fb6184f99541d142132ba6db03a41
5c30d58dc44182f959c8035e990153b3553deace
eea702ebc53a4b9f8c1b511fffce16f6874de666
d75b3abbdd7af3b18be945caa721f1e4e076146c
e4bf38b28b7aeec2685d1d2581d271c965ee6b84
e3a71d70a5a5d3790a352955edb3bb7a003dd6d5
87bf60fb6657d5e5cd425e36ff18aa7bb5a8fcf4
679fdccecfed0e5cc2c2636fe649a668d50f63ea
c4326153401904e82b17726864be65cac0c97fd1
http://huvaret.art
http://www.veltrixcap.org
6EFB29CEe3b414272EB7A8F3Ebabf873D36bC033
7526acdcf0b22f9b8f790cf069e5dd16cc414b0e
d531769223f468f93e42e19dea74cb16443ba0b8
f6c574baf05234284966abba25377eee589bba6a
7526aCdCF0B22f9B8F790CF069E5dD16CC414B0e
65de94d3eb0524fc17df5fdec8c20afada2d0119
ebb4630024764bdf5e5c1013166cc461d3df7550
cb7ac56cf1c3c1aac9fe4c86a9a323be0698de6c
173bb313e6e29525fd6b04407c1c6e8a4a29c7a0
f1487451933a05a680e71dde7a2b11560d2d33a7
87BF60FB6657d5E5CD425E36FF18aa7Bb5a8FcF4
7a35c8b0e1182b1fd12a8acb49cfeaeb22eae1d6
c7692a6816cc0eb61216358ff0367d7469125192
7af1065e7e6fb6184f99541d142132ba6db03a41
5c30d58dc44182f959c8035e990153b3553deace
eea702ebc53a4b9f8c1b511fffce16f6874de666
d75b3abbdd7af3b18be945caa721f1e4e076146c
e4bf38b28b7aeec2685d1d2581d271c965ee6b84
e3a71d70a5a5d3790a352955edb3bb7a003dd6d5
87bf60fb6657d5e5cd425e36ff18aa7bb5a8fcf4
679fdccecfed0e5cc2c2636fe649a668d50f63ea
c4326153401904e82b17726864be65cac0c97fd1