GrassCall Malware Targets Job Seekers to Steal Login Credentials

A newly identified cyberattack campaign, dubbed GrassCall, is targeting job seekers in the cryptocurrency and Web3 sectors through fake job interviews.

Attributed to the Russian-speaking cybercriminal group “Crazy Evil,” the campaign uses fraudulent job postings on platforms like LinkedIn, WellFound, and CryptoJobsList to lure victims into downloading malicious software disguised as a video meeting application.

This malware is designed to steal sensitive information such as login credentials, cryptocurrency wallets, and authentication cookies from both Windows and macOS devices.

How the Attack Works

The attackers create fake companies, such as “ChainSeeker.io,” complete with professional-looking websites and social media profiles.

They advertise enticing job opportunities for roles like “Blockchain Analyst” or “Social Media Manager.”

Once a victim applies, they are contacted by a fake Chief Marketing Officer (CMO) via Telegram.

The CMO instructs them to download the GrassCall application from a fraudulent website under the pretense of conducting an online interview ...