GrassCall Malware Drains Crypto Wallets Through Fake Job Interviews

A social engineering scam has been targeting job seekers in the Web3 industry using a fraudulent "GrassCall" meeting app that secretly installs malware to steal cryptocurrency wallets.

Conducted by a Russian-speaking cybercrime group called Crazy Evil, the attack tricked users into downloading malicious software on their Windows or Mac devices under the guise of a job interview process.

The scammers posed as representatives of a fake company, "ChainSeeker.io," and listed premium job postings on platforms like LinkedIn, WellFound, and CryptoJobsList to lure applicants.

Victims were instructed to contact a fake Chief Marketing Officer via Telegram. That contact then provided a link to download the GrassCall app, which contained information-stealing malware.

Once installed, the malware targeted browser-stored credentials, authentication cookies, and cryptocurrency wallets, sending the stolen data to the attackers, who then attempted to crack passwords and drain funds.

On Windows, the malware included remote access trojans (RATs) like Rhadamanthys, while Macs were infected with the Atomic (AMOS) Stealer.

Cybercriminals operating within the Crazy Evil network openly shared stolen information on Telegram and rewarded members who successfully tricked victims into downloading the malicious app.

CryptoJobsList has since removed the fraudulent job postings and warned users to check their devices for malware.

While the GrassCall website is now offline, those who installed the software should immediately change passwords, reset authentication tokens, and secure their cryptocurrency wallets.

This incident highlights the growing risk of cybercriminals using fake job opportunities to target individuals in the cryptocurrency and blockchain space.
