
Unmasking GrassCall Campaign: The APT Behind Job Recruitment Cyber Scams

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

The GrassCall malware campaign is an advanced social engineering attack conducted by a Russian-speaking cybercriminal group called Crazy Evil. Targeting job seekers in the cryptocurrency and Web3 sectors, the campaign uses fake job interviews to compromise victims' systems and steal cryptocurrency assets. The attackers create a fake company, post job advertisements on reputable platforms, and guide candidates through a sophisticated process involving phishing emails, Telegram conversations, and the installation of malicious software disguised as a video conferencing application. The malware deployed includes a Remote Access Trojan (RAT) and information-stealing programs like Rhadamanthys for Windows users, and the Atomic macOS Stealer (AMOS) for Mac users. The campaign has affected hundreds of people, with some victims reporting drained cryptocurrency wallets.

OPENCTI LABELS:

rat, phishing, amos, social engineering, cryptocurrency theft, rhadamanthys, job recruitment, atomic macos stealer (amos), grasscall

