2025-01-15 03:08:55 Pacfic
Fake Job Offers Distribute CrowdStrike Cryptominer - 3d
Cybercriminals are exploiting the CrowdStrike brand by distributing a cryptominer through fake job offers. A phishing campaign has been identified where malicious actors pose as legitimate recruiters, luring job seekers with fraudulent promises of employment. Victims receive emails mimicking CrowdStrike's recruitment process, directing them to a malicious website. This site prompts them to download a fake “employee CRM application.” Despite offering download options for Windows and macOS, the site delivers a Windows executable, regardless of the user's selection.
This executable is a downloader for XMRig, a known cryptomining malware, written in Rust. Before deploying the cryptominer, the malware employs several checks to evade detection. These include verifying the presence of a debugger, analyzing active processes, and validating that the system has at least two CPU cores. Once these checks pass, a fake error message is displayed before downloading the XMRig miner. The malware achieves persistence by dropping a batch script into the Start Menu Startup directory and creating a Windows Registry logon entry. Once active, the miner uses the victim's system resources to generate cryptocurrency for the attackers, potentially causing overheating and damage to the victim's device.
ImgSrc: blogger.googleusercontent.com
References:
- ciso2ciso.com - Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer – Source: www.infosecurity-magazine.com - 3d
- securityonline.info - Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding - 3d
- @jos1264 - Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer – Source: www.infosecurity-magazine.com - 3d
- ciso2ciso.com - Fake CrowdStrike ‘Job Interviews’ Become Latest Hacker Tactic – Source: www.darkreading.com - 3d
- gbhackers.com - Beware! Fake Crowdstrike Recruitment Emails Spread Cryptominer Malware - 3d
- www.crowdstrike.com - CrowdStrike : Following CrowdStrike's successful Denial of Service attack on customers' Windows systems worldwide in July 2024, recruitment has gone up (this is a joke). CrowdStrike reports that a new - 3d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Beware! Fake Crowdstrike Recruitment Emails Spread Cryptominer Malware - 3d
- Cybersecurity News - Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding - 3d
- crypto.news - Cybersecurity firm CrowdStrike warns of fake job offers spreading XMRig miner - 3d
- Latest from TechRadar - CrowdStrike warns of fake job offer scam that is actually just malware - 3d
- CISO2CISO.COM & CYBER SECURITY GROUP - Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer – Source: www.infosecurity-magazine.com - 3d
- @jos1264 - Fake CrowdStrike ‘Job Interviews’ Become Latest Hacker Tactic – Source: www.darkreading.com - 3d
- @screaminggoat - CrowdStrike : Following CrowdStrike's successful Denial of Service attack on customers' Windows systems worldwide in July 2024, recruitment has gone up (this is a joke). CrowdStrike reports that a new - 3d
- SCM feed for Threat Management - CrowdStrike spoofed in recruitment phishing scam - 3d
- The Hacker News - CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer - 3d
- Security Affairs - Phishers abuse CrowdStrike brand targeting job seekers with cryptominer - 2d
- osint10x.com - Fake CrowdStrike Recruiters Distribute Malware Via Phishing Emails - 2d
- www.helpnetsecurity.com - Job-seeking devs targeted with fake CrowdStrike offer via email - 1d
- @jos1264 - Fake CrowdStrike Recruiters Distribute Malware Via Phishing Emails – Source:hackread.com - 1d
Classification:
- HashTags: Cryptominer Phishing CrowdStrike
- Company: CrowdStrike
- Target: job seekers
- Feature: Fake job offer
- Type: Malware
- Severity: Medium