Job Seekers Beware: Fake CrowdStrike Recruitment Emails Deploy Crypto Mining Malware

CrowdStrike Uncovers Crypto Mining Scam Using Company’s Brand

CrowdStrike has identified a sophisticated phishing campaign that fraudulently uses its brand to distribute cryptocurrency mining malware. The attack, discovered on January 7, 2025, targets potential victims through fake recruitment emails for junior developer positions.

The scam operates by sending phishing emails that direct recipients to download what appears to be a CRM application, supposedly required for a recruitment interview. However, the downloaded software is actually a delivery mechanism for the XMRig cryptocurrency miner.

Technical Details:
– The malware performs multiple security checks to avoid detection
– Verifies absence of debugging tools and analysis software
– Confirms minimum system requirements (dual-core CPU)
– Downloads XMRig miner from GitHub
– Establishes persistence through Windows startup folder
– Retrieves configuration from remote server (93.115.172[.]41)
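The behaviours listed above can be hunted for in endpoint telemetry. The following is an added example, not code from CrowdStrike or from the original article. It assumes simplified event records with Sysmon-style field names (event IDs 1, 3 and 11) and assumes the miner keeps "xmrig" in its image name or command line; the host names, file names and sample events are constructed.

```python
import re
from collections import defaultdict

# IoC as printed in the article (defanged); refanged below for matching.
CONFIG_SERVER = "93.115.172[.]41"
# Per-user and all-users Windows Startup folders, matched case-insensitively.
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)
# Assumption: the miner keeps "xmrig" in its image name or command line.
MINER_RE = re.compile(r"xmrig", re.IGNORECASE)

def refang(ioc):
    """Turn a defanged indicator such as 1.2.3[.]4 back into 1.2.3.4."""
    return ioc.replace("[.]", ".")

def classify(event):
    """Return the campaign behaviour an event matches, or None."""
    eid = event.get("EventID")
    if eid == 3 and event.get("DestinationIp") == refang(CONFIG_SERVER):
        return "config_fetch"
    if eid == 11 and STARTUP_RE.search(event.get("TargetFilename", "")):
        return "startup_persistence"
    proc = event.get("Image", "") + " " + event.get("CommandLine", "")
    if eid == 1 and MINER_RE.search(proc):
        return "miner_process"
    return None

def triage(events):
    """Group matches per host; two or more distinct behaviours means high priority."""
    hits = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            hits[ev["Computer"]].add(label)
    return {host: {"behaviours": sorted(found),
                   "priority": "high" if len(found) >= 2 else "review"}
            for host, found in hits.items()}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "EventID": 11, "TargetFilename":
     r"C:\Users\dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.bat"},
    {"Computer": "WS-01", "EventID": 3, "DestinationIp": "93.115.172.41"},
    {"Computer": "WS-01", "EventID": 1,
     "Image": r"C:\Users\dev\AppData\Local\Temp\xmrig.exe", "CommandLine": "xmrig.exe"},
    {"Computer": "WS-02", "EventID": 11, "TargetFilename":
     r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\OneNote.lnk"},
    {"Computer": "WS-03", "EventID": 3, "DestinationIp": "192.0.2.10"},
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict)
```

A Startup-folder write on its own is common for legitimate software, which is why a single match is only marked for review while a host showing several of the behaviours together is escalated.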

Related Security Threat:
Trend Micro has also reported a separate incident involving a fake proof-of-concept for the LDAPNightmare vulnerability (CVE-2024-49113). This scam targets security researchers through a counterfeit GitHub repository, deploying an information stealer that collects system data, including:
– Public IP address
– System information
– Process lists
– Network details
– Installed updates

Both incidents highlight the increasing sophistication of cyber threats targeting technology professionals and security researchers.
