CrowdStrike warns of fake job offer scam that is actually just malware

Red padlock open on electric circuits network dark red background

(Image credit: Shutterstock/Chor muang)

CrowdStrike warns it is being impersonated in a malware campaign
Crooks are offering fake job positions, in an attempt to deploy XMRig
The campaign has only been active for a few days, so be aware

Hackers are impersonating well-known cybersecurity company CrowdStrike in a malware delivery campaign, the company has warned.

In a blog post, it urged software developers to be extra careful when engaging with people online, as unidentified cybercriminals have created a fake CrowdStrike website to host malware on it.

Then, they would reach out to software developers via the usual channels, and offer a job position within CrowdStrike. Those who show interest are invited to download the “employee CRM application” from the website - but in reality, this is a popular cryptojacker called XMRig, which mines the Monero currency for the attackers.

Why Monero?

Monero is a popular choice among cybercriminals since it is designed as a privacy coin, and is relatively difficult to trace. XMRig is the most popular mining malware at the moment, found everywhere from cloud hosting servers to consumer computers. Usually, cryptominers are easy to spot, since they consume most of the infected device’s computing power. The computers are rendered practically useless, which is a red flag that is easily picked up.

However, in this case, the attackers limited XMRig’s maximum power consumption to 10%, in order to avoid being detected. Furthermore, the malware adds a batch script in the Start Menu Startup directory, to make sure it always runs on boot.

CrowdStrike believes that it hasn’t been going on for too long, but fake jobs are a common occurrence on the internet these days, with the North Korean group Lazarus bringing it into the spotlight.

This organization is known for its “Operation DreamJob” campaign, targeting software developers and high-profile individuals in technology, aerospace, defense, and government industries, with fake jobs.

Via BleepingComputer

This devious malware looked to exploit braille characters to breach Windows security flaws
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.