A new social engineering campaign is targeting job seekers in the Web3 space using fake interviews and a malicious "GrassCall" meeting app to install information-stealing malware.
🔹 Attackers posed as a fake company ("ChainSeeker.io"), creating phony job listings on LinkedIn, WellFound, and CryptoJobsList.
🔹 Victims were tricked into downloading GrassCall, which deployed RATs and infostealers like Rhadamanthys and AMOS on Windows and Mac.
🔹 The malware stole passwords, authentication cookies, and crypto wallets, leading to drained funds.
🔹 The campaign was linked to a Russian-speaking cybercrime group, Crazy Evil, which has publicly shared stolen data and payments on Telegram.
🔹 CryptoJobsList removed the fake job listings and issued warnings.
🔹 Attackers posed as a fake company ("ChainSeeker.io"), creating phony job listings on LinkedIn, WellFound, and CryptoJobsList.
🔹 Victims were tricked into downloading GrassCall, which deployed RATs and infostealers like Rhadamanthys and AMOS on Windows and Mac.
🔹 The malware stole passwords, authentication cookies, and crypto wallets, leading to drained funds.
🔹 The campaign was linked to a Russian-speaking cybercrime group, Crazy Evil, which has publicly shared stolen data and payments on Telegram.
🔹 CryptoJobsList removed the fake job listings and issued warnings.
![[Image: MxgnhgZ.gif]](https://i.imgur.com/MxgnhgZ.gif)