- Hackers are creating fake web3 firms to defraud job seekers
- The fake firms post jobs in various categories like social media managers and blockchain developers
- The hackers are posting job adverts on popular platforms like CryptoJobsList, LinkedIn, and WellFound.
Russian-speaking hacking group Crazy Evil is using a fake web3 firm, ChainSeeker.io, to drain the wallets of unsuspecting job seekers. The group is searching for qualified entities to join the company in various positions like social media manager, blockchain developer, NFT artist, and advisor. Crazy Evil uses reputable sites like LinkedIn, WellFound, and CryptoJobsList to advise the positions and sometimes even pays for premium space to display the ads, boosting their credibility.
A Fake Company With “An Elaborate Online Persona”
Speaking to the cybersecurity platform Bleeping Computer, Choy, a web3 professional, revealed that the fake firm has “an elaborate online persona consisting of a website and social media profiles.” According to the cybersecurity website, Crazy Evil would direct applicants to contact the fake firm’s marketing officer on Telegram for further guidance and a possible interview.
The marketing officer requests applicants to install GrassCall, a virtual meeting app. The app then infects the applicant’s computer with malware and allows the hackers to remotely access the victim’s computer.
The malware scans the victim’s device for things like passwords, crypto wallets, web browser history, and cookies. The information is uploaded to the group’s servers and analyzed for wallet information.
Job Listings “Looked Legit”
Those who applied for the jobs said that the company and job listings “looked legit from almost all angles” including the malicious video conferencing tool. A recent report by Recorded Future shows that Crazy Evil is increasingly targeting people in the DeFi and web3 industries through social engineering tricks.
Crazy Evil’s tactic shows the lengths that malicious actors are willing to go to steal funds. It also adds to other threat actors’ tricks like using fake Zoom links and NFT games to defraud unsuspecting victims.
With hackers adding new tricks to their toolbox, the crypto community needs to stay vigilant to prevent falling victim.
