A new social engineering campaign is targeting job seekers in the Web3 space using fake interviews and a malicious "GrassCall" meeting app to install information-stealing malware.
🔹 Attackers posed as a fake company ("ChainSeeker.io"), creating phony job listings on LinkedIn, WellFound, and CryptoJobsList.
🔹 Victims were tricked into downloading GrassCall, which deployed RATs and infostealers like Rhadamanthys and AMOS on Windows and Mac.
🔹 The malware stole passwords, authentication cookies, and crypto wallets, leading to drained funds.
🔹 The campaign was linked to a Russian-speaking cybercrime group, Crazy Evil, which has publicly shared stolen data and payments on Telegram.
🔹 CryptoJobsList removed the fake job listings and issued warnings.
🔹 Attackers posed as a fake company ("ChainSeeker.io"), creating phony job listings on LinkedIn, WellFound, and CryptoJobsList.
🔹 Victims were tricked into downloading GrassCall, which deployed RATs and infostealers like Rhadamanthys and AMOS on Windows and Mac.
🔹 The malware stole passwords, authentication cookies, and crypto wallets, leading to drained funds.
🔹 The campaign was linked to a Russian-speaking cybercrime group, Crazy Evil, which has publicly shared stolen data and payments on Telegram.
🔹 CryptoJobsList removed the fake job listings and issued warnings.
![[Image: Frame-12545364.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FrFw1BvnR%2FFrame-12545364.png)