CrowdStrike has identified cybercriminals posing as recruiters from the cybersecurity firm to spread a cryptominer to unsuspecting victims’ devices. The company uncovered the phishing campaign, which took advantage of its recruitment branding, on January 7.
The campaign begins with a deceptive email sent to potential targets, claiming to be part of CrowdStrike’s recruitment process. The email invites recipients to schedule an interview for a junior developer position within the firm. To further lure in the victims, the email includes a link that supposedly leads to a site where they can book their interview.
However, this seemingly innocuous link redirects the unsuspecting victim to a malicious phishing site. On this site, download links are provided for a fictitious “CRM application,” with separate options available for both Windows and macOS users. Regardless of the operating system chosen by the victim, the outcome remains the same – a Windows executable written in Rust is downloaded.
This executable serves as a downloader for XMRig, a cryptominer that hijacks a computer’s processing power to mine cryptocurrency. To avoid detection, the downloaded executable conducts various environment checks on the infected device. It scans the list of running processes to detect any malware analysis or virtualization software, verifies the number of CPU cores, and checks for the presence of debuggers. If these checks pass, the executable displays a fake error message before proceeding to download additional payloads to ensure persistence and run the XMRig miner.
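Because the "macOS" download described above still delivers a Windows executable, a mismatch between the platform a link claims and the file's actual format is a cheap signal for a mail gateway, proxy or triage script. The sketch below is an added example, not code from CrowdStrike or the original article; the function names, the table of expected formats and the sample bytes are assumptions constructed for illustration.

```python
import struct

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big/little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit, big/little endian
    b"\xca\xfe\xba\xbe",                       # universal (fat) binary
}

# Assumption: formats a genuine installer for each platform would plausibly use.
EXPECTED = {"windows": {"pe"}, "macos": {"macho", "dmg", "pkg"}}


def identify_format(data: bytes) -> str:
    """Classify a file by its magic bytes, ignoring its name and extension."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points at the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    if data[:4] == b"xar!":  # flat installer package (xar archive)
        return "pkg"
    if len(data) >= 512 and data[-512:-508] == b"koly":  # UDIF disk image trailer
        return "dmg"
    return "unknown"


def download_matches_platform(claimed: str, data: bytes) -> bool:
    """True when the file's real format is one expected for the claimed platform."""
    return identify_format(data) in EXPECTED[claimed]


def _constructed_pe() -> bytes:
    """Constructed sample: the smallest header this check recognises as PE."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


SAMPLE_PE = _constructed_pe()                    # constructed, not a real binary
SAMPLE_MACHO = b"\xcf\xfa\xed\xfe" + bytes(28)   # constructed 64-bit Mach-O magic

if __name__ == "__main__":
    # A "macOS" link that serves a PE file is flagged as a mismatch.
    print(download_matches_platform("macos", SAMPLE_PE))
```

The check reads only file headers, so it can run on a quarantined download without executing it.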
The implications of such cryptominers can be severe, as they can cause affected devices to overheat, leading to damage and a decrease in the device’s lifespan. CrowdStrike has issued a warning to job seekers to remain vigilant and cautious amidst these scams. The cybersecurity firm is cognizant of other fraudulent schemes involving false offers of employment, which often utilize fake websites, email addresses, group chats, and text messages.
To safeguard themselves against falling victim to fake CrowdStrike interview and recruitment scams, job seekers are advised to adhere to the following precautions:
– Be wary of interviews conducted via instant message or group chat.
– Refrain from purchasing products, processing payments, or downloading software as prerequisites for employment offers.
– Verify the authenticity of CrowdStrike communications by contacting recruiting@crowdstrike.com.
– Utilize CrowdStrike’s official Careers page to explore job openings and follow the official application process.
As cyber threats continue to evolve and become more sophisticated, it is imperative for individuals to exercise caution and diligence to protect themselves from falling prey to malicious actors. CrowdStrike’s proactive measures and guidance serve as a timely reminder for job seekers to remain vigilant in the face of potential cyber scams.