Market

Russian Hackers Are Stealing Crypto Via Fake Job Postings

The Russian hacker group “Crazy Evil” has been tricking users into downloading infected software via fake job listings.

Haider Jamal
February 28, 2025

Using ChainSeeker

Recently, the group promoted a bogus company, ChainSeeker.io, using fake profiles on LinkedIn and job boards like CryptoJobList and WellFound.

Source: LinkedIn

Applicants were directed to download a video-calling app, ‘GrassCall,’ which contained malware that steals wallet addresses, cookies, and passwords from victims’ browsers and Apple Keychain.

More Fake Apps

Once the malware was installed, hackers would brute-force passwords to steal crypto assets from compromised wallets. Reports suggest the criminals make tens of thousands of dollars per victim.

The group has now shifted to using other fraudulent apps, like Gatherum and VibeCall, with similar tactics. After the scam gained attention, job postings for ChainSeeker.io were removed from major job boards.

Join Our FREE Newsletter

Subscribe to stay informed and receive latest updates on the latest happenings in the crypto world!

By submitting this form, you are consenting to receive marketing emails from: Crypto Weekly, 36 Blue Jays Way, Toronto, ON, M5V 3T3, http://cryptoweekly.co. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Haider Jamal

Content Strategist

Haider is a fintech enthusiast and Content Strategist at CryptoWeekly with over four years in the Crypto & Blockchain industry. He began his writing journey with a blog after graduating from Monash University Malaysia. Passionate about storytelling and content creation, he blends creativity with insight. Haider is driven to grow professionally while always seeking the next big idea.