Cyber ​​scams are becoming more and more sophisticated and dissatisfied. Cyber ​​security researchers have now highlighted a new online scam where cyber criminals are targeting job seekers. The scam, in particular, is being done for the purpose of professionals looking for new jobs in the web 3 and cryptocurrency space and is conducted through LinkedIn and a video calling app.

A recent report by bleepingcomputer revealed that cyber scammers are now posting fake job listing on LinkedIn and other platforms. When individuals inquire about posting, scammers cheat them to download a malicious video call app called Grasskall, through which they manage to steal sensitive information, including bank details, stored on people’s phones and computers.

Allegedly, till date, scammers have managed to target hundreds of people and many of them have lost money. Grasskall malware is capable of infecting both Mac and Windows devices.

Sharing more information on the scam, the report suggests that this cyber campaign is known as “Crazy Evil” by a Russian-speaking cyber crime group. The group is allegedly notorious for the operation of social engineering attacks, where they trick users to download malicious software. A subgroup within crazy evil, called “Kevaland”, is believed to have been managed this particular operation.

The group started the scam by posting a listing of fake jobs on popular platforms such as LinkedIn, Welfound and Cryptosalist. Cyber ​​criminal, working under the guise of a fake company called “Chensecar.IO”, created a detailed online appearance with a professional website and social media profile on platforms such as X (East Twitter) and LinkedIn. It was reportedly, these profiles were designed to look valid, which included fake employee profiles and job details, which were ready to attract candidates in the web 3 space.

Once the applicants apply for jobs, they found an email inviting in a virtual interview. Email directed him to contact the company’s Chief Marketing Officer through Telegram to schedule the meeting. During the conversation, the fake CMO instructed the candidates to download a video conferencing app called “Grasskall”.

However, the Grasskall app is malicious. Once installed on the phone or computer, the app was used to steal details stored on the device by cyber criminals and scammers. It is reportedly, the Grasskall app installs a variety of malware based on the OS: on Windows, it installs a remote access trojan (rat) and a information-chain called RHADAMANTHYS. On Mac, it installs nuclear theft (AMOS), which is a malware designed to steal particularly sensitive data.

Once installed, malware scanns the device for sensitive information, including cryptocurrency wallet details, passwords stored in browsers or password managers, certification cookies for online accounts, and files containing keywords related to Crypto or Finance.

According to cyber security researcher G0Njxa, Scammers also posted a payment details on Telegram, revealing how much he earned from each victim.

The report stated that after the scam came in contact, the cryptosbostalist has removed the listing of fake jobs and warned users about fraud activity. The Grasskall website has been taken down since then. Additionally, cyber security experts warns that similar scams may emerge as cyber criminal web 3 and Cryptocurrency take advantage of the increasing interest.