Summary: A recent social engineering attack targeted job seekers in the Web3 space, using a fake meeting app called “GrassCall” to install malicious software that steals cryptocurrency wallets. The cybercrime group behind the attack, known as Crazy Evil, created a faux company and job listings to lure victims. Hundreds of individuals have reported losing funds, prompting warnings and a community for affected users to seek assistance.
Affected: Job seekers in the Web3 and cryptocurrency sectors
Keypoints :
- The “GrassCall” app is a vehicle for distributing information-stealing malware, specifically targeting cryptocurrency wallets.
- The attack was orchestrated by a Russian-speaking group called Crazy Evil, which employed elaborate tactics, including fake job listings and social media personas.
- Victims are urged to change passwords and secure their accounts immediately after being made aware of the malware infection.