CyberSecurity news
The Hacker News (info@thehackernews.com) - 50d
Cybercriminals are exploiting the CrowdStrike brand by distributing a cryptominer through fake job offers. A phishing campaign has been identified where malicious actors pose as legitimate recruiters, luring job seekers with fraudulent promises of employment. Victims receive emails mimicking CrowdStrike's recruitment process, directing them to a malicious website. This site prompts them to download a fake “employee CRM application.” Despite offering download options for Windows and macOS, the site delivers a Windows executable, regardless of the user's selection.
This executable, written in Rust, is a downloader for XMRig, a known cryptominer. Before deploying the cryptominer, the malware runs several checks to evade detection: it verifies whether a debugger is present, analyzes active processes, and validates that the system has at least two CPU cores. Once these checks pass, it displays a fake error message and then downloads the XMRig miner. The malware achieves persistence by dropping a batch script into the Start Menu Startup directory and creating a Windows Registry logon entry. Once active, the miner uses the victim's system resources to generate cryptocurrency for the attackers, potentially causing overheating and damage to the victim's device.
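The two persistence steps described above can be hunted together. The following is an added detection sketch, not code from the article or from CrowdStrike: it flags any process that both drops a script into a Startup folder and sets a logon autostart value. It assumes events shaped like Sysmon FileCreate (11) and RegistryValueSet (13) records and assumes the "logon entry" is a Run/RunOnce value; all file names, paths and value names in the sample are constructed.

```python
import re
from collections import defaultdict

# Script dropped directly into a Start Menu Startup folder (per-user or all-users).
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(bat|cmd)$", re.I)
# Assumption: the registry logon entry is a Run/RunOnce autostart value.
RUNKEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed sample events (not real telemetry), using Sysmon field names.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\crm-setup.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\start.bat"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\crm-setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\config"},
    # Benign-looking updater: sets a Run value but never touches the Startup folder.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdate"},
    # Batch file created outside the Startup folder: not a persistence artifact.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.bat"},
]

def find_dual_persistence(events):
    """Return {image: hits} for processes that wrote a Startup script AND set a Run value."""
    seen = defaultdict(lambda: {"startup_script": [], "run_key": []})
    for ev in events:
        image = ev.get("Image", "").lower()  # Windows paths are case-insensitive
        if ev.get("EventID") == 11 and STARTUP_RE.search(ev.get("TargetFilename", "")):
            seen[image]["startup_script"].append(ev["TargetFilename"])
        elif ev.get("EventID") == 13 and RUNKEY_RE.search(ev.get("TargetObject", "")):
            seen[image]["run_key"].append(ev["TargetObject"])
    # Either artifact alone is common for legitimate software; both from one image is rarer.
    return {img: hits for img, hits in seen.items()
            if hits["startup_script"] and hits["run_key"]}

if __name__ == "__main__":
    for image, hits in find_dual_persistence(SAMPLE_EVENTS).items():
        print("ALERT", image, hits)
```

Requiring both artifacts from the same image keeps the updater in the sample from alerting; a production rule would also bound the two events to a short time window.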
Classification:
- HashTags: #Cryptominer #Phishing #CrowdStrike
- Company: CrowdStrike
- Target: job seekers
- Feature: Fake job offer
- Malware: XMRig
- Type: Malware
- Severity: Medium