216.73.217.176

Unmasking GrassCall Campaign: The APT Behind Job Recruitment Cyber Scams

· Published 06/03/2025 19:25 · Modified 06/03/2025 22:59

Export JSON

Essential information

Published
06/03/2025 19:25
Modified
06/03/2025 22:59
Tags
2025-03-06 amos atomic macos stealer (amos) cryptocurrency theft grasscall job recruitment phishing rat rhadamanthys social engineering
Related entities
14 observables, 1 intrusion sets (apt), 11 techniques (mitre), 3 malware, 2 others

Description

The malware campaign is an advanced attack conducted by a Russian-speaking cybercriminal group called Crazy Evil. Targeting job seekers in the cryptocurrency and Web3 sectors, the campaign uses fake job interviews to compromise victims' systems and steal cryptocurrency assets. The attackers create a fake company, post job advertisements on reputable platforms, and guide candidates through a sophisticated process involving emails, Telegram conversations, and the installation of malicious software disguised as a video conferencing application. The malware deployed includes a Remote Access Trojan () and information-stealing programs like for Windows users, and the Atomic macOS Stealer () for Mac users. The campaign has affected hundreds of people, with some victims reporting drained cryptocurrency wallets.

External references