Fake Job Posting Scam Uses GrassCall Malware To Steal Crypto Wallets, Report



Meghna Chowdhury
Meghna is a Journalism graduate with specialisation in Print Journalism. She is currently pursuing a Master's Degree in journalism and mass communication. With over 3.5 years of experience in the Web3 and cryptocurrency space, she is working as a Senior Crypto Journalist for UnoCrypto. She is dedicated to delivering quality journalism and informative insights in her field. Apart from business and finance articles, horror is her favourite genre.

A new cyber scam has surfaced, targeting cryptocurrency users through fake job offers and a malware-laden app called “GrassCall.” 

According to reports, scammers used social engineering tactics to trick victims into downloading the malicious software, which was designed to steal crypto wallets and personal data.

Fake Job Posting Scam Uses GrassCall Malware

The scam, initially reported by BleepingComputer, has now been abandoned after significant public exposure. Websites and LinkedIn accounts linked to the operation have been taken down, but not before hundreds of victims were affected. Some reported losing access to their wallets after installing the malware.

In response, victims have formed a Telegram group to help each other remove the infection from both Mac and Windows devices. The attack highlights the increasing sophistication of cybercriminals who exploit job seekers in the crypto industry.

Russian-Speaking Group Behind the Scam

The operation was carried out by a Russian-speaking cybercriminal group known as “Crazy Evil.” This group specializes in social engineering scams, using deceptive tactics to make people download malicious software. They often promote fake job listings or fraudulent gaming platforms to lure victims.

For this particular scheme, the hackers created a fake company called “ChainSeeker.io.” They built a website and social media profiles on LinkedIn and X to make the company appear legitimate. 

They then posted premium job listings on popular Web3 job boards, including WellFound and CryptoJobsList.


Once job seekers applied, they received an interview invite via email. The supposed Chief Marketing Officer (CMO) of the fake company would then instruct them to contact him on Telegram to schedule the meeting. 

During the conversation, the CMO would convince the victim to download “GrassCall,” a supposed video conferencing app, from a fraudulent website.

Depending on the user’s device, the website would deliver a Windows or Mac version of the software. However, instead of a legitimate meeting app, the download contained malware designed to steal sensitive data.

Malware Designed to Steal Crypto

Cybersecurity researcher g0njxa, who has been tracking these hackers, revealed that the GrassCall website was a clone of another fake platform called “Gatherum.” Both were linked to a subgroup of Crazy Evil known as “Kevland.”

Once installed, the GrassCall malware would extract passwords, authentication cookies, and crypto wallet data. 

Hackers used this malware to scan devices for files related to cryptocurrency wallets. They would then attempt to brute-force passwords and drain any funds found. 

The stolen information was uploaded to private servers and shared in Telegram groups run by the cybercriminals. Successful attackers were reportedly paid large sums for each victim they tricked into downloading the malware.

Hackers Keep Finding New Methods

Cybercriminals are constantly evolving their methods to deceive people. As security measures improve, hackers develop new strategies to bypass them. 

From phishing emails and fake websites to deepfake scams and malware-laden apps, they continue to adapt.

With the rise of artificial intelligence, scams are becoming more sophisticated. Fraudsters use AI-generated social media accounts, deepfake videos, and realistic job postings to manipulate victims.

Binance Users Face New Phishing Threat

While the GrassCall scam has been shut down, another major cyber threat is emerging. Binance users are now being targeted by a highly deceptive SMS phishing attack. Hackers are exploiting vulnerabilities in official communication channels, making it difficult for users to distinguish between real and fake messages.

This latest scam highlights the ongoing battle between security experts and cybercriminals. Scammers are always looking for new ways to steal money and data, making it crucial for users to stay informed and vigilant.

