Hacker group Crazy Evil creates fake Web3 company, luring job seekers to download malicious software

According to Decrypt, the hacker group Crazy Evil has created a fake Web3 company called "ChainSeeker. io" to lure job seekers in the crypto industry into downloading malicious software that steals wallet funds. According to cybersecurity website Bleeping Computer, the organization has established profiles on LinkedIn and X to recruit for standard crypto industry positions such as "blockchain analyst" or "social media manager". They also place high-quality advertisements on websites such as LinkedIn, WellFound, and CryptoJobsList to increase their ad exposure. Then, job seekers will receive an email from the fake company's "Chief Human Resources Officer" inviting them to contact the fake "Chief Marketing Officer" (CMO) through Telegram. The so-called CMO will then urge them to download and install a virtual meeting software called GrassBall, and enter the code provided by the CMO. Then, GrassBall installs various information theft malware or Remote Access Trojans (RATs) that search for encrypted wallets, passwords, Apple Keychain data, and authentication cookies stored in web browsers. Currently, most advertisements seem to have been removed from social media.