Hackers posing as a legitimate Web3 company have targeted job seekers in the crypto industry, stealing cryptocurrency through a fake job interview scam.
Hackers posing as a legitimate Web3 company have targeted job seekers in the crypto industry, stealing cryptocurrency through a fake job interview scam. The group, known as “Crazy Evil,” set up a fake company called ChainSeeker.io and advertised jobs like “Blockchain Analyst” and “Social Media Manager” on LinkedIn, WellFound, and CryptoJobsList. They used premium advertisements to increase the visibility of their job offers and contacted applicants via email, directing them to a “chief marketing officer” (CMO) on Telegram.
The CMO asked job seekers to download a virtual meeting tool called GrassCall, which was actually a tool for installing malware on their systems. Once installed, the malware accessed sensitive information, including crypto wallets, passwords, and authentication data stored in web browsers. This malware was designed to drain funds from crypto wallets, and many victims lost their entire holdings. A Telegram support group has been created by affected users, where they share advice on how to remove the malware from Windows and Mac devices.
This attack is not the first of its kind. Earlier reports by Recorded Future revealed that Crazy Evil had executed similar scams targeting DeFi professionals. Their tactics include exploiting social engineering to trick individuals into downloading harmful software. The group has also used Zoom links in previous campaigns to spread malware. The GrassCall scam serves as a reminder of the ongoing risks in the cryptocurrency industry, where cybercriminals are increasingly targeting professionals with valuable assets.
In addition to this attack, other hacker groups, including the North Korean BlueNoroff, have been linked to scams targeting the crypto industry. BlueNoroff, part of the Lazarus Group, has used phishing emails and fake documents to steal funds from crypto firms. Their most recent campaign, “Hidden Risk,” disguised malware as legitimate documents and targeted crypto firms with similar tactics to the Crazy Evil group’s approach.
As the use of digital assets grows, cybercriminals are adapting by exploiting emerging job markets and targeting crypto professionals. Experts recommend caution when engaging with unfamiliar hiring processes, especially when asked to download unknown applications. If a job offer requires installing software that seems suspicious, it should be treated as a potential red flag. Cybersecurity experts also advise job seekers in the Web3 and crypto sectors to remain vigilant and aware of these types of scams.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
