Phishy Job Offers: How Fake CrowdStrike Emails Mine More Than Just Your Interest
CrowdStrike warns of a phishing scam where fake job offer emails lead candidates to download a “CRM app” that infects their devices with a Monero miner. Job seekers should verify recruiter identities and be cautious of downloads. Remember, if it sounds too good to be true, it probably involves cryptocurrency mining.
Hot Take:
Looks like the only thing more ruthless than job hunting is the job hunter hunting you! Phishing scammers are at it again, and this time, they’ve dressed up as CrowdStrike to give job seekers the surprise of their lives. Who knew a fake job offer could lead to mining cryptocurrency? If you thought you were getting paid to work, think again. You’re just paying the electric bill for a Monero miner. Keep your CVs safe and your antivirus closer!
Key Points:
- Phishing campaign uses fake CrowdStrike job offers to distribute XMRig miner.
- Email directs victims to download a fake CRM app from a bogus website.
- App employs sandbox checks to evade analysis before downloading the miner.
- Miner consumes minimal CPU power to avoid detection, ensuring persistence.
- Verifying recruiter identities and avoiding sketchy downloads is advised.