The hacker group Crazy Evil creates fake Web3 companies to lure job seekers into downloading malware

ChainCatcher news, according to Decrypt, the hacker group Crazy Evil has created a fake Web3 company called "ChainSeeker.io" to lure job seekers in the crypto industry into downloading malware that steals wallet funds.

According to cybersecurity site Bleeping Computer, the organization has set up profiles on LinkedIn and X, recruiting for standard positions in the crypto industry, such as "Blockchain Analyst" or "Social Media Manager." They have also placed premium ads on sites like LinkedIn, WellFound, and CryptoJobsList to increase the visibility of their advertisements. Job seekers then receive an email from the fake company's "Chief Human Resources Officer," inviting them to contact the fake "Chief Marketing Officer" (CMO) via Telegram.

The so-called CMO subsequently pressures them to download and install a virtual meeting software called GrassCall and enter a code provided by the CMO. GrassCall then installs various information-stealing malware or Remote Access Trojans (RATs), which search for crypto wallets, passwords, Apple Keychain data, and authentication cookies stored in web browsers.

Currently, most of the ads seem to have been removed from social media.