Unmasking GrassCall Campaign: The APT Behind Job Recruitment Cyber Scams

Description

The GrassCall malware campaign is an advanced social engineering attack conducted by a Russian-speaking cybercriminal group called Crazy Evil. Targeting job seekers in the cryptocurrency and Web3 sectors, the campaign uses fake job interviews to compromise victims' systems and steal cryptocurrency assets. The attackers create a fake company, post job advertisements on reputable platforms, and guide candidates through a sophisticated process involving phishing emails, Telegram conversations, and the installation of malicious software disguised as a video conferencing application. The malware deployed includes a Remote Access Trojan (RAT) and information-stealing programs like Rhadamanthys for Windows users, and the Atomic macOS Stealer (AMOS) for Mac users. The campaign has affected hundreds of people, with some victims reporting drained cryptocurrency wallets.