"Crypto Job Seekers Fall for 'Crazy Evil' Phishing Scam"

Generated by AI agent Coin World
Thursday, February 27, 2025, 4:54 am ET | 1 min read

A Russian-speaking cybercrime group, known as Crazy Evil, has been exploiting the job market in the cryptocurrency and Web3 space to execute a sophisticated social engineering attack. The group, which operates several subgroups including KEVLAND, has targeted hundreds of job seekers, resulting in significant financial losses for victims.

KEVLAND created a fake website, ChainSeeker.io, and posted premium Web3 job listings on major platforms like LinkedIn, WellFound, and CryptoJobsList. After applicants submitted their information, they received emails directing them to a fake "Chief Marketing Officer" on Telegram. The "CMO" then instructed victims to download a phony video meeting application called "GrassCall" from the malicious website grass[.]net.

Upon downloading, the "GrassCall" app initiated a dual-pronged malware attack, tailored to the victim's operating system. Windows users were infected with Rhadamanthys RAT and infostealers, granting attackers remote access and data exfiltration capabilities. Mac users were targeted with the Atomic (AMOS) Stealer, a potent malware designed to compromise macOS systems.

The installed malware stole private information, including passwords, authentication cookies, cryptocurrency wallets, Apple keychain data, and files that store passwords. After that, the stolen data was uploaded to the attackers' servers and shared within their Telegram channels. If cryptocurrency wallets were found, the attackers attempted to brute-force passwords and drain the funds. The group would then pay members who successfully got the malware installed on the victim's machine.

The "GrassCall" website was not original, but a clone of the "Gatherum" site. Moreover, the attackers impersonated real people for ChainSeeker.io's nonexistent leadership. The job listings have been removed from job boards, except for one that is still active on LinkedIn.

The scale of the operation is becoming increasingly apparent, with dozens of victims recounting similar experiences on social media. Many have reported huge financial losses as their cryptocurrency holdings were drained. Security experts are urging victims to take immediate action, including changing passwords on an uninfected device and transferring cryptocurrency to new, secure wallets.

Crazy Evil has been known for targeting the cryptocurrency and Web3 ecosystems through sophisticated social engineering tactics and malware distribution. Apart from KEVLAND, the group operates other
