Fake Crypto Jobs Alert: GrassCall Malware App Drains Wallets via LinkedIn Scams
Fake crypto jobs
Fake crypto jobs are flooding LinkedIn right now, and job seekers are losing their entire crypto wallets to a nasty new scam. If you’ve been applying for blockchain positions lately, this could save your digital assets.
The GrassCall Malware Nightmare
Here’s what’s happening: A Russian cybercrime group called “Crazy Evil” created an entire fake crypto company, complete with LinkedIn profiles, job postings, and professional-looking websites. They’re targeting crypto professionals with LinkedIn scams that feel completely legitimate until it’s too late.
The scam centers around GrassCall malware – a fake video conferencing app that’s actually info-stealing app for crypto wallets. Once you download it, your wallets get drained faster than you can say “blockchain developer.”
BleepingComputer broke this story in February, and by then hundreds of people had already fallen for it. The damage was so widespread that the scammers actually shut down their operation and scrubbed their websites. But here’s the scary part – similar scams are popping up everywhere.
How the Chain Seeker Scam Actually Worked
The Crazy Evil hacking group didn’t mess around. They created a fake crypto company called “Chain Seeker” with all the bells and whistles you’d expect from a legitimate firm. We’re talking LinkedIn profiles for fake executives, a professional website, and job postings on major platforms like CryptoJobsList and WellFound.
Their LinkedIn fake crypto jobs looked perfect. They posted roles for blockchain developers, crypto analysts, and Web3 specialists with competitive salaries and exciting project descriptions. The fake crypto company LinkedIn profiles even had employee headshots and detailed company information.
Here’s how the Chain Seeker LinkedIn scam played out:
- You see a great crypto job posting on LinkedIn or other job sites
- You apply and get a quick response (red flag #1)
- They ask you to contact their “marketing chief” on Telegram (red flag #2)
- The Telegram contact sends you a link to download GrassCall for a “video interview”
- You download what you think is a meeting app
- Your crypto wallets get emptied
One victim, Cristian Ghita, posted on LinkedIn: “This scam was extremely well-orchestrated — they had a website, LinkedIn and X profiles, and employees listed. It looked legit from almost all angles.”
The Telegram Fake Crypto Job Scam Pipeline
The Telegram fake crypto job scam part is where things get really sneaky. After you apply for the fake crypto job LinkedIn posting, they don’t just send you malware right away. They build trust first.
The fake Crypto Jobs recruiter engages in normal conversation about the role, asks about your experience, and makes you feel like a valued candidate. Then comes the “next step” – a video call using their “proprietary” GrassCall app.
This malicious crypto meeting app looks professional enough that most people don’t question it. The scammers even created fake online reviews and social media presence for the app to make it seem legitimate.
What GrassCall App Scam Actually Does
Once you install the GrassCall app scam software, it immediately starts hunting for cryptocurrency wallets and sensitive information. This crypto wallet drain malware doesn’t just target one type of wallet – it goes after everything:
- MetaMask and browser-based wallets
- Desktop wallet applications
- Password managers with crypto credentials
- Exchange account information
- NFT wallet data
The malware targeting NFT wallets is particularly brutal because many people store high-value digital assets in these accounts. The NFT job phishing attack specifically targets gaming professionals and digital artists who often have significant NFT collections.
The Bigger Picture: Web3 Job Scam Epidemic
This isn’t just about one fake company. The Web3 job scam problem is exploding across the entire crypto industry. Recorded Future linked over ten active scams to the same cybercrime group, all targeting cryptocurrency professionals with spearphishing crypto professionals tactics.
The fake crypto job phishing attack methods are getting more sophisticated. Before GrassCall, the same group ran a similar scam called “Gatherum” using the same fake meeting app approach. When that got exposed, they simply rebranded and launched Chain Seeker.
These scam crypto companies are popping up faster than job boards can remove them. The CryptoJobsList scam postings and WellFound fake crypto job scam listings looked so legitimate that even experienced crypto professionals fell for them.
Red Flags You Need to Know
Job Posting Red Flags:
- Companies you’ve never heard of with amazing opportunities
- Immediate responses to applications
- Requests to move conversations to Telegram quickly
- Requirements to download special apps for interviews
Communication Red Flags:
- Recruiters who avoid phone calls
- Pressure to download software immediately
- Generic company information that’s hard to verify
- Job descriptions that are too good to be true
Technical Red Flags:
- Unknown video conferencing platforms
- Apps that require extensive permissions
- Software downloads from company websites instead of official app stores
- Meeting platforms that aren’t Zoom, Teams, or other known services
How to Protect Yourself Right Now
Before Applying:
- Research the company thoroughly – check their actual website, not just LinkedIn
- Look up company employees on multiple platforms
- Verify job postings exist on the company’s official careers page
- Be extra suspicious of Web3 and crypto job postings
During the Application Process:
- Never download software just for a job interview
- Stick to known video platforms for interviews
- Don’t move conversations to Telegram unless absolutely necessary
- Ask detailed questions about the company and role
If You Think You’re Targeted:
- Use a different device to change all crypto-related passwords
- Move crypto assets to fresh wallets immediately
- Enable two-factor authentication everywhere
- Monitor your wallets for suspicious activity
The LinkedIn Crypto Malware Scam Problem
LinkedIn has become ground zero for these fake job ad crypto phishing attacks. The platform’s professional appearance makes it easy for scammers to create convincing fake crypto job with malware app schemes.
The LinkedIn fake crypto jobs scam problem is so bad that job seekers are now warning each other in the comments of suspicious postings. But by the time people figure out it’s fake, the damage is often already done.
What Happened to the Victims
The cryptocurrency job seeker risk became real for hundreds of people. Many posted on social media about losing significant amounts of crypto after downloading malicious conferencing apps. Some lost everything in their wallets within hours of installing the fake software.
The psychological impact is brutal too. These people thought they were advancing their careers in the exciting Web3 space, only to discover they’d been robbed by sophisticated criminals.
Moving Forward Safely
The crypto job market is legitimate and full of real opportunities, but you need to be smarter about how you approach it. These phishing apps targeting blockchain developers are specifically designed to exploit the excitement around crypto careers.
Safe Job Search Practices:
- Only apply through official company websites when possible
- Use established job platforms with verification systems
- Network through trusted crypto community members
- Attend legitimate crypto conferences and meetups
Wallet Security:
- Use hardware wallets for significant holdings
- Keep most crypto in cold storage
- Never store large amounts in browser wallets
- Regularly audit your security practices
The Bottom Line
These fake crypto job LinkedIn scams are getting more sophisticated every month. The Web3 job seeker malware threats are real, and they’re targeting people just like you who are trying to build careers in this space.
Don’t let criminals exploit your career ambitions. The crypto industry has amazing legitimate opportunities – you just need to be careful about which ones you pursue. When something feels off about a job opportunity, trust your instincts and walk away.
Your crypto assets took time to build. Don’t lose them to a fake job posting that seemed too good to be true. Stay alert, verify everything, and remember that legitimate companies won’t ask you to compromise your security for a job interview.