NEWS BRIEF
A new wave of cybercrime has emerged, with criminals masquerading as recruiters from CrowdStrike to distribute cryptomining software to unsuspecting victims.
The scheme begins with a phishing email, which entices recipients with a request to set up an interview for a junior developer role.
This deceptive communication includes a link that claims to schedule an interview but actually redirects victims to a malicious webpage designed to promote a fake “CRM application” download.
“While phishing attempts tied to job offers are relatively common, this particular effort stands out due to its targeted approach, which surpasses the typical mass phishing tactics,” stated Chance Caldwell, senior director at the Phishing Defense Center with Cofense. “The fraudulent URLs are crafted to appear as if they are genuinely associated with CrowdStrike, and once the malware is downloaded, it even presents a pop-up directing users to the legitimate CrowdStrike support page. This level of detail and branding is rarely seen in most phishing cases.”
Malicious Recruiter Lures Target Both Windows & Mac
The malicious site provides options for both Windows and macOS users. Regardless of the selected platform, the download will ultimately result in a Windows executable file written in Rust. This file, in turn, downloads XMRig, a popular cryptomining tool.
In addition, the executable performs a series of checks to assess the environment and avoid detection, including evaluations of running processes and CPU verification.
Upon passing these checks, the executable generates a deceptive error message, allowing additional malicious payloads to be downloaded, which enables the XMRig miner to operate.
CrowdStrike, which identified this malicious campaign recently, is cautioning job seekers to be on high alert, as this isn’t the only fraudulent employment scheme circulating in the wild.
The company advises against participating in interviews conducted through instant messaging or email, discourages downloading software in connection with the interview process, and emphasizes the need for job seekers to validate any communication claiming to be from CrowdStrike by reaching out directly to the official company contact points.
“It is highly improbable for a recruiter to request that a candidate download an executable file as part of the recruitment process,” Caldwell emphasized. “Any such suspicious inquiries should be thoroughly vetted prior to taking further action, and it’s critical to confirm contact information through the official company website.”
Source: www.darkreading.com