BleepingComputer reports that CrowdStrike has disclosed a new recruitment phishing scheme in which threat actors impersonated the cybersecurity firm in order to infect victims with XMRig cryptomining malware.
According to CrowdStrike, intrusions discovered earlier this week began with a malicious email purporting to be from a CrowdStrike employment agent. The email includes a link for downloading an employee CRM app; clicking the link redirects to a CrowdStrike-spoofing website offering Windows and macOS versions of the app. Once downloaded, the app conducts continuous sandbox checks, then displays a bogus error message while fetching a configuration text file for XMRig execution. It then downloads the ZIP archive containing the cryptominer, which is eventually deployed in the background to conceal malicious activity. Such findings should prompt job seekers to be more vigilant about recruitment offers and to avoid those that emphasize urgency or request downloads of third-party apps for interviews.