
Russian Cybercrime Group Uses Fake Job Interviews and ‘GrassCall’ App to Drain Crypto Wallets
A sophisticated social engineering attack has been executed by a Russian-speaking cybercrime group, targeting hundreds of job seekers in the cryptocurrency and Web3 space. The group, known as Crazy Evil, has reportedly used a fake website and a malware-ridden video meeting application called “GrassCall” to drain victims’ crypto wallets.
According to a new report from BleepingComputer, Crazy Evil’s subgroup, KEVLAND, built a fake website called “ChainSeeker.io” and posted premium Web3 job listings on major platforms like LinkedIn, WellFound, and CryptoJobsList. Victims who applied for these jobs received emails directing them to a fake “Chief Marketing Officer” on Telegram, who then instructed them to download the “GrassCall” app from a malicious website.
Once downloaded, the “GrassCall” app launched a two-pronged malware attack, with payloads that compromised both Windows and macOS systems. The malware allowed the attackers to steal sensitive information, including login credentials and cryptocurrency private keys.
The victims of this heinous attack have reported huge financial losses, with their cryptocurrency holdings being drained from infected devices. Security experts are urging those who have been targeted by this scam to take immediate action, including changing passwords on an uninfected device and transferring cryptocurrency to new, secure wallets.
Crazy Evil is known for targeting the cryptocurrency and Web3 ecosystems through sophisticated social engineering tactics and malware distribution. The group employs a range of malware tools, including StealC, Atomic macOS Stealer (AMOS), and Angel Drainer, to compromise both Windows and macOS systems.
This is not an isolated incident: numerous other cryptocurrency job scams have targeted job seekers. The FBI has warned against such scams, advising individuals to be cautious of unsolicited job offers, avoid making cryptocurrency payments to employers, and report suspicious activities to the agency.
The recent attack serves as a stark reminder for crypto enthusiasts to remain vigilant and skeptical when it comes to job opportunities that seem too good to be true. With cybercrime on the rise, it is essential for individuals to take proactive measures to protect their digital assets and maintain the integrity of their online presence.
It is crucial for cryptocurrency investors and job seekers alike to stay informed about emerging threats and fraudulent activities in the space.