Would you be willing to compromise Chinese websites for a stranger in exchange for a hefty sum of up to $100,000 per month?
A mysterious individual is extending this intriguing, yet dubious, job offer. Over the past few weeks, the person appears to have been using a series of fake accounts, with avatars featuring photos of attractive women, to send direct messages to multiple cybersecurity experts and researchers on X.
The message reads: “We are seeking webshell engineers and teams to infiltrate Chinese websites globally, with a monthly salary of up to $100,000. If interested, please join our channel first,” and includes a link to a Telegram channel.
I also received this message from an X account named “Look at my homepage,” which had a username, @JerelLayce88010, that seemed randomly generated.
Upon following the link, I was able to see the channel’s admin, who goes by the name “Jack” and has an AI-generated pirate avatar.
Jack asked me, “Are you proficient in penetration technology?”
Although I am not, I asked Jack to provide more information about their objectives.
“We aim to obtain webshells from Chinese-registered domains. There is no specific target; any domain registered in China is within our scope,” Jack explained, referring to web shells, which are programs or scripts used by hackers to control compromised web servers. “You need to understand China’s CMS… identify vulnerabilities, and be able to obtain webshells in bulk. There is no upper limit to the number we require. The more, the better. This is a long-term job, and we can establish long-term cooperation.”
However, the crucial question remains: why?
Jack responded, “What I need is China’s traffic,” possibly growing impatient with my inquiries.
But for what purpose?
At this point, Jack assigned me a task: obtain three web shells on any domain registered in China to demonstrate my skills. Jack generously offered me $100 for each hacked domain.
Unfortunately, I have neither the skills nor the willingness to engage in illegal activities. Instead, I continued to ask questions, including who Jack was working for. Jack initially claimed to be working for the “Indian government,” but later contradicted this statement, blaming automatic translation, as Chinese is their primary language.
I spoke with several researchers who received Jack’s unusual job offer, and they were equally perplexed. None of them reported receiving malicious links or suspicious questions that would indicate a doxing or scam campaign.
“I think it’s a troll rather than a serious threat actor,” said s1r1us, a security researcher who received a DM from one of Jack’s fake accounts on X. “If they want to hire top talent, this is not the way to do it.”
The Grugq, a renowned cybersecurity expert, told TechCrunch that he has never seen anything like this recruiting campaign. “I’ve seen people asking dumb questions and spamming for various cybersecurity-related things, but never anything like the persistent, widespread, bizarre messages from this guy.”
According to The Grugq, perhaps the goal is to infect people inside China with malware, as it wouldn’t make sense to use Chinese domains to launch DDoS attacks or spam, given the high payment offered.
“I really can’t think of what they’re trying to do,” The Grugq concluded. “It doesn’t make sense.”
Apparently, nobody else can make sense of it either. Good luck, Jack, with whatever adventure you’re embarking on.