Hacking party Crazy Evil created a false Web3 business dubbed” ChainSeeker. io” to key crypto market job seekers into downloading wallet-draining trojan.
According to the cybersecurity website , the group set up LinkedIn and X profiles advertising positions in the standard crypto industry, such as” Blockchain Analyst” or” Social Media Manager.”  ,
The Russian-speaking party, known as Crazy Evil, even took out prime advertising on sites like Linked In, WellFound, and CryptoJobsList to improve their ads ‘ presence. Applicants would then receive an email from the fake company’s” chief human resources officer”, who would invite them to contact the fake” chief marketing officer” ( CMO ) on Telegram.
The alleged CMO would therefore ask them to download and install GrassCall, which requires them to input a code provided by the CMO. GrassCall would then install a variety of information-stealing malware or remote access trojans (RATs ), which would search for crypto wallets, passwords, Apple Keychain data, and authentication cookies stored in web browsers.
According to Bleeping Computer, the plan is no longer in effect and most ads appear to have been removed from social media.
Cristian Ghita, a freelance UX engineer who claimed to have been impacted by the hoax, said,” It looked real from almost all points” in a LinkedIn article.
He added:” Yet the video-conferencing device had an almost credible online presence”.
Some victims of the fraud have formed a support team on Telegram, with some of the victims being included.
This is not Mad Evil’s second social engineering attack against the blockchain industry, according to a statement released last year by Recorded Future. The team conducted ten different social engineering schemes on social internet, many of which were directly aimed at DeFi workers.
The organization has been recruiting on Russian-language message boards since 2021, according to the report, which estimates its lifetime revenue to be more than$ 5 million. There are a lot of additional targeted frauds that crypto industry professionals need to be on the lookout for, aside from fake job ads.
Last month, a powerful social engineering scam saw hackers use false Zoom links to place crypto-stealing trojan, using similar tactics to Crazy Evil’s latest hacking strategy.
And in January, SentinelLabs, a research firm, revealed how the North Korean-linked organization BlueNoroff manipulated people into getting ransomware that was disguised as File reports by using email improvements on DeFi trends and cryptocurrency prices.
Daily Debrief Newsletter
Start every day with the best news stories right now, plus unique features, a audio, video and more.
