Cybercriminals are spreading a cryptominer on victim devices by posing as CrowdStrike recruiters.
According to CrowdStrike, on January 7, it discovered a phishing effort that was abusing their recruitment branding.
A phishing email that poses as a component of the cybersecurity company’s hiring procedure begins the campaign. The target is invited to set up an interview for a junior developer position in the email.
A link in the email purports to direct the recipient to a website where they may set up their interview.
With distinct download URLs for Windows and macOS, this directs the user to a malicious phishing website that offers download links for a phony “CRM application.”
The user will download a Windows executable written in Rust regardless of which of these parameters is chosen. The cryptominer XMRig may be downloaded using this program.
A number of environment checks are carried out by the downloaded application in order to avoid discovery and examine the compromised device. These include utilizing the IsDebuggerPresent Windows API to determine whether a debugger is attached to the process, checking the list of active processes for popular malware analysis or virtualization software applications, and confirming that the CPU has at least two cores.
The program shows a fictitious error message pop-up before downloading further payloads to run the XMRig miner and achieve persistence if these tests are successful.
Malicious software known as “cryptominers” is made to take over a computer’s processing power and mine cryptocurrencies.
Devices that are impacted by cryptomining may overheat, causing damage and reducing their lifespan.
CrowdStrike Warns Job Seekers to be Vigilant
According to CrowdStrike, it is aware of more frauds involving fictitious job offers. Usually, phony websites, email addresses, group chats, and text messages are used in these frauds.
The vendor gave job seekers the following tips to help them avoid becoming victims of phony CrowdStrike recruiting and interview scams:
- Interviews purporting to be conducted by group chat or instant messaging
- Being required to make payments or buy goods or services as part of a job offer
- Being requested to download interview software
- Those involved in the hiring process should get in touch with [email protected] to confirm the legitimacy of CrowdStrike correspondence.
- To find out about employment vacancies and apply for a position at the firm, interested parties should visit CrowdStrike’s official Careers website.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream formerly known as CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, The Mainstream formerly known as CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, The Mainstream formerly known as CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK
