‘Crazy evil’ hackers create fake Web3 firm, drain job seekers’ crypto wallets


The hacking group Crazy Evil has created a fake Web3 firm called "ChainSeeker.io" to trick job-seekers in the crypto industry into downloading malware that drains their wallets.

The group created LinkedIn and X accounts to post standard crypto jobs such as “Blockchain Analyst” and “Social Media Manager,” according to the cybersecurity website Bleeping Computer.

The Russian-speaking group, known as Crazy Evil, also took out premium advertisements on websites like LinkedIn, WellFound, and CryptoJobsList to boost their ads' visibility. The fake company would send applicants an email from its “chief human resources officer,” putting them in contact with the "chief marketing officer" (CMO) on Telegram.

The CMO would then ask them to install GrassCall, software for virtual meetings, and to enter a code provided by the CMO. GrassCall installed a number of remote access trojans or malware that would steal information such as crypto wallets, passwords, Apple Keychain data, and authentication cookies stored in browsers.

According to Bleeping Computer, the campaign has ended and many of its advertisements have disappeared from social media.

“It looked legit from almost all angles,” Cristian Ghita, who said that he was a UX designer affected by the scam, wrote in a LinkedIn post.

“Even the video-conferencing tool had an almost believable online presence,” he added.

Some of the victims have created a Telegram group.

Crazy Evil is not the first group to target the crypto industry with social engineering. This was revealed in a Recorded Future report last year. Recorded Future discovered ten social engineering scams that were conducted on social media by Crazy Evil, most of them aimed directly at those working in DeFi.

The report pegs the group's lifetime revenue at over $5 million and assesses that it has been recruiting on Russian-language message boards since 2021. There are many other types of scams in the crypto sector that need to be avoided.

Last year, a sophisticated social engineering scam saw hackers use fake Zoom links to install crypto-stealing malware, using similar tactics to Crazy Evil's latest phishing campaign.

In January 2013, SentinelLabs, a research company, showed that the North Korea-linked group BlueNoroff was using email updates about DeFi trends and Bitcoin prices to lure users into downloading malware disguised as PDF reports.
