Warnings are circling on the internet urging people to beware of Web3 job scams. Criminals are luring victims into fake job interviews in an attempt to steal their crypto assets.
A blockchain developer with the handle @xLuisCumbi on the X platform warned that scammers are reaching out to potential "candidates" for a job just to later trick them into downloading malicious software, which is described as the online meeting app GrassCall.
🚨🚨SCAM ALERT🚨🚨
undefined Luis (@xLuisCumbi) February 26, 2025
another day, another scam
Watch out with this common scam where someone else ask you to download a software to have a meeting about xyz job.
This app called grasscall will drain your wallet with cero possibility to recover them
The guy that is reaching people… pic.twitter.com/cgHpCGvq2t
The developer shared several screenshots with messages from the alleged scammers, who "were impressed" with the victim's "experience and skills" and were seeking to "explore potential collaboration opportunities on our innovative Web3 project." They also offer "competitive compensation packages" and claim to be Japanese, now looking to expand into "the English-speaking Twitter Web3 space."
Soon after, a link to download the Grasscall app is sent with instructions on how to join a meeting.
According to MalwareHunterTeam, victims who ran the malware on Windows should treat their systems as fully compromised. "Everything you had on that could be accessed/stolen by the actors."
"The PC itself can be used as before if you do a full clean Windows install on it (so nothing kept from the previous install)," they said, noting that this malware campaign reminds them of another scam project, Echonex, which also asks for a code before infecting the victim's computer with malware.
Meanwhile, in the case of macOS, they suggested changing passwords and signing out from all active sessions for all sites, services, etc., where credentials were saved on that device or were logged in at the time of running the malware.
"It steals browser data, cryptocurrency wallet data, etc... and that's all. No backdoors placed, no persistence, etc.," the team added, noting that if the malicious file hasn't been opened, deleting it should be sufficient.
Meanwhile, people targeted by Grasscall are sharing their stories on X.
"Just had another scam attempt – this time from a ‘community manager’ supposedly connected to legitimate bitcoin projects like @ArkLabsHQ and @Joltz_btc. They use two sites, Grasscall[.]app and Call-WeChat[.]com, which operate the same way: they trick users into downloading a malicious installer that copies a hidden executable into a system folder," bitcoin engineer James Scaur said.
In either case, scammers keep flooding the market with more malicious meeting platforms.
"After 'GrassCall,' now here comes the next totally legit AI-powered meeting platform: 'VibeCall,'" MalwareHunterTeam found.
Your email address will not be published. Required fields are markedmarked