PANews reported on February 27 that according to Decrypt, the hacker group Crazy Evil created a fake Web3 company called "ChainSeeker.io" to trick job seekers in the crypto industry into downloading malware that steals wallet funds.

According to cybersecurity website Bleeping Computer, the group set up profiles on LinkedIn and X, recruiting for standard crypto industry positions such as "blockchain analyst" or "social media manager." They also placed premium ads on sites such as LinkedIn, WellFound and CryptoJobsList to increase the visibility of their ads. Job seekers then received an email from the "Chief Human Resources Officer" of the fake company, inviting them to contact the fake "Chief Marketing Officer" (CMO) via Telegram.

The so-called CMO then urges them to download and install a virtual meeting software called GrassCall and enter a code provided by the CMO. GrassCall then installs various information-stealing malware or remote access trojans (RATs) that search for crypto wallets, passwords, Apple Keychain data, and authentication cookies stored in web browsers.

Most of the ads appear to have been removed from social media.