Hacking group Crazy Evil has created a fake web3 company called “Chainseeker.io.”
According to the cybersecurity website Bleeping Computer, the group has set up LinkedIn and X profiles and listings for standard crypto industry jobs, such as “blockchain analysts” and “social media managers.”
The Russian-speaking group known as Crazy Evil has taken out premium ads on websites such as LinkedIn, Wellfound and CryptoJobsList to increase the visibility of the ads. The applicant then receives an email from the fake company’s “Chief Human Resources Officer” inviting them to contact the fake “Chief Marketing Officer” (CMO) on Telegram.
The CMO then instructs the applicant to download and install virtual conferencing software known as GrassCall and to enter a code provided by the CMO. GrassCall installs various information-stealing malware or remote access trojans (RATs). The data targeted includes crypto wallet passwords, Apple Keychain data, and authentication cookies stored in the web browser.
According to Bleeping Computer, the campaign had stopped running at the time of writing, and most ads appear to have been removed from social media.
Freelance UX developer Cristian Ghita, who claimed to have been affected by the scam, said in a LinkedIn post that it “seemed legal from almost every angle.”
He added: “Even video conferencing tools had a presence all online.”
Some of the people affected by the scam have come together to create support groups for victims on Telegram.
According to a report compiled by Recorded Future last year, this is not Crazy Evil’s first social engineering attack targeting the crypto industry. Recorded Future discovered 10 individual social engineering scams carried out by the group on social media. Many of them were directed at people working in the DeFi industry.
The report puts the group’s lifetime revenues at over $5 million and says it has used a Russian message board since 2021. Apart from fake employment ads, there are plenty of other targeted scams that crypto industry experts need to know about.
Last year, a sophisticated social engineering scam involved hackers using fake Zoom links to install malware that steals crypto, with tactics similar to those in Crazy Evil’s latest phishing campaign.
Also in January, research firm SentinelLabs showed how the North Korea-linked group BlueNoroff used emails about DeFi trends and Bitcoin price updates to trick users into downloading malware disguised as PDF reports.