Cybersecurity Firm CrowdStrike Warns Of Fake Job Offers Spreading XMRig Miner

CrowdStrike has warned of a new phishing campaign that mimics its recruitment process to deliver the Monero miner via a fake application download.

Global cybersecurity provider CrowdStrike has identified a phishing campaign exploiting its recruitment emails to distribute a malicious Monero (XMR) mining software.

In a blog post, the Austin-headquartered firm explained that the scam uses fake job offers to trick people into downloading an application that installs the XMRig miner on their system. CrowdStrike says the phishing emails impersonate its recruitment process, luring victims to a fake website. There, they are asked to download an “employee CRM application,” which is actually a downloader for the cryptominer.

“The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website. Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig.”

CrowdStrike

CrowdStrike explained that the downloaded file checks the victim’s system to avoid detection. “If these checks are passed, the executable displays a fake error message pop-up before continuing,” the firm said. After this, the malicious application downloads and installs the XMRig miner.

CrowdStrike says the phishing site, cscrm-hiring[.]com, hosts the fake CRM application and urges job seekers to be cautious, stressing that it never asks candidates to download software during the recruitment process.

The latest campaign is once again a good reminder that crypto scams can show up behind fake job offers. A similar incident happened during the 2022 Ronin Network hack, where North Korean state-backed hacking collective Lazarus Group tricked an employee with a phishing email, getting them to open a malicious PDF file, which led to the theft of over $600 million in crypto.