Fake Job Offers, GrassCall, and Crypto: A New Scam Uncovered
Cybercriminals from the Crazy Evil group are using fake job offers and a modified video-calling app to steal passwords and cryptocurrency from unsuspecting users.
They pose as employers in the Web3 industry and post attractive job openings on popular job platforms. During the initial interview, they send a link for a video call via GrassCall, a little-known app that looks legitimate but secretly installs malware on the victim's device.
This scam operation has already impacted hundreds of people.
Social Engineering Tactics
To trick users into downloading GrassCall, the hackers use social engineering tactics. They research candidates' profiles and create fake accounts on platforms like LinkedIn, WellFound, and CryptoJobsList. To make their scheme more convincing, they launch a full-scale virtual campaign with a fake website and an active social media presence. This setup often includes a fabricated backstory about the company's founding, building a permanent team, and even fake social media comments to enhance credibility.
The scammers communicate through various messaging platforms, including Telegram, allowing them to quickly share instructions, send GrassCall download links, and answer questions in real time. This approach creates a sense of legitimacy and increases the chances of successfully infecting the victim’s device.
Technical Aspects of the Attack
When users download GrassCall, they are given the option to choose between Windows or macOS versions. However, regardless of the choice, the device becomes infected with malware. Once launched, the malicious software operates silently in the background, making it extremely difficult to detect.
On Windows devices, the malware installs a Remote Access Trojan (RAT) combined with an info-stealer that harvests passwords, cookies, and other sensitive data. On macOS, it deploys Atomic Stealer, which extracts passwords from Apple Keychain and collects browser data.
"All the other wallets would be compromised, best to create something on a new machine/phone and transfer assets there. Computer, clean wipe, new OS install," warned Web3 user Choy.
The malware scans infected systems for cryptocurrency wallets. If it detects any, it initiates password-cracking routines and swiftly transfers funds to the attackers’ wallets. The stolen data is transmitted to hacker-controlled servers, and detailed reports are then shared on Telegram channels to showcase the success of the attacks.
Estimates suggest that this scheme earns cybercriminals thousands of dollars per victim.
Consequences and Recommendations
These attacks leave crypto users vulnerable, leading to the loss of both sensitive data and accumulated funds with no way to prevent it. Such incidents undermine trust in the digital economy and raise concerns about the security of modern job platforms. Although many platforms have removed these fraudulent postings, it’s widely acknowledged that new scams will resurface repeatedly.
This issue has become widespread, prompting the formation of online communities where users share strategies for mitigating risks and removing malware from infected devices.
Security experts strongly advise job seekers to thoroughly verify the legitimacy of companies and be wary of initial communications through messaging apps or requests to download software. These are clear warning signs of potential scams.
Always keep your antivirus software up to date, change your passwords regularly, and seek help from cybersecurity professionals at the first sign of suspicious activity. Quick diagnostics can identify vulnerabilities and mitigate risks.
Additionally, stay informed about the latest Web3 security trends, as scammers continuously refine their methods to keep pace with new security measures.
Lessons from the Modern Cyber Landscape
The GrassCall incident reveals just how sophisticated cybercriminal tactics have become in today’s digital world. It serves as a stark reminder for anyone in the crypto and blockchain space: To stay protected in this rapidly evolving tech environment, it’s crucial to use only trusted information sources, verify contacts carefully, and regularly update cybersecurity measures to safeguard personal data and digital assets from malicious actors.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Nor do we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.