Cybercriminals have adopted a new cunning tactic by masquerading as CrowdStrike recruiters with the aim of spreading a cryptominer on unsuspecting victims’ devices. This devious scheme commences with an email, inviting the recipient to schedule a job interview with a recruiter for a junior developer position.
The fraudulent email includes a link that falsely promises to take the recipient to a website where they can arrange their interview. However, instead of fulfilling this claim, the link redirects the victim to a malicious website containing downloads for a supposed “CRM application.”
Chance Caldwell, senior director of the Phishing Defense Center at Cofense, remarked that this targeted campaign stands out from typical malicious phishing attempts. He highlighted the use of URLs designed to mimic CrowdStrike’s official links and the intricate effort put into creating a facade of legitimacy. The malware even features a pop-up that steers users to the actual CrowdStrike support portal, enhancing the deception.
The nefarious website offers choices for both Windows and macOS users, and upon selection, it initiates the download of a Windows executable written in Rust. This executable, in turn, fetches the cryptominer XMRig. The malicious program undergoes various environmental checks to avoid detection, such as scrutinizing running processes and verifying CPU information.
Should these checks pass, the executable triggers a false error message pop-up to distract the user while downloading additional components essential for running the XMRig miner. CrowdStrike, which recently uncovered this scam, urges job seekers to exercise caution as similar fraudulent employment offers circulate online.
The cybersecurity firm advises against engaging in interviews conducted via instant messaging or email, and discourages downloading any software in relation to job applications. It emphasizes the importance of verifying the authenticity of any communication purportedly from CrowdStrike by reaching out to [email protected]
Caldwell stressed the improbability of legitimate recruiters instructing candidates to download executables as part of the interview process. Any suspicious requests should undergo thorough verification, and contact details must be cross-checked with the official company website before proceeding.
In conclusion, individuals must remain vigilant against such sophisticated phishing scams that attempt to infiltrate systems under the guise of job opportunities. Diligence and scrutiny are crucial in safeguarding personal and organizational data from falling into the hands of cybercriminals.