- Russian Hacking group Crazy Evil created fake Web3 company “ChainSeeker.io” to distribute wallet-draining Malware through fabricated job listings.
- The group advertised blockchain jobs on platforms like LinkedIn and deployed a malicious “GrassCall” video conferencing tool that installed information-stealing software.
- Crazy Evil has reportedly generated over $5 million through at least ten social engineering campaigns targeting cryptocurrency professionals.
Cryptocurrency job seekers have been targeted by sophisticated malware attacks disguised as employment opportunities from a fictitious blockchain company. A Russian-speaking hacking collective known as Crazy Evil orchestrated the campaign, creating a false Web3 company called "ChainSeeker.io" to distribute wallet-draining malware to unsuspecting applicants in the cryptocurrency industry.
According to Cybersecurity website Bleeping Computer, the Hackers established professional-looking profiles on LinkedIn and X, where they advertised standard industry positions such as "Blockchain Analyst" and "Social Media Manager." To increase visibility, the group purchased premium advertisements across multiple platforms including LinkedIn, WellFound, and CryptoJobsList.
The operation followed a calculated pattern. After submitting applications, candidates received messages from a purported "chief human resources officer" who directed them to contact the company’s "chief marketing officer" via Telegram. The fake CMO would then instruct applicants to download a virtual meeting application called GrassCall and enter a provided code.
Once installed, GrassCall deployed various information-stealing malware and remote access trojans (RATs) designed to locate and extract crypto wallets, passwords, Apple Keychain data, and authentication cookies stored in web browsers.
Victims of the scam have reported how convincing the operation appeared. "It looked legit from almost all angles," stated Cristian Ghita, a freelance UX developer claiming to have fallen victim to the scheme, in a LinkedIn post. He added: "Even the video-conferencing tool had an almost believable online presence."
Affected individuals have formed a support group on Telegram to assist fellow victims.
The campaign is no longer active as of this reporting, with most advertisements having been removed from social media platforms, according to Bleeping Computer.
This isn’t the first time Crazy Evil has targeted the cryptocurrency sector. A report published last year by Recorded Future identified at least ten separate social engineering campaigns conducted by the group, many specifically targeting professionals in the decentralized finance (DeFi) industry. The research estimates the group’s total earnings at over $5 million since it began recruiting on Russian-language forums in 2021.
Similar attacks have become increasingly common in the crypto space. Last year, hackers employed fake Zoom links to distribute cryptocurrency-stealing malware using tactics resembling those in Crazy Evil’s latest campaign. In January, research firm SentinelLabs revealed that the North Korea-linked group BlueNoroff was using email updates on DeFi trends and Bitcoin prices to trick users into downloading malicious software disguised as PDF reports.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Pakistan to Establish National Crypto Council Following Meeting with Trump Advisors
- Bybit Secures Preliminary Approval for UAE Crypto Operations
- Armenia Takes First Step Toward Cryptocurrency Regulation
- PI Token Hits All-Time High Near $3 as Binance Listing Speculation Grows
- CoinDesk Maintains Editorial Independence Under Bullish Group Ownership
