Summary: A phishing campaign impersonating CrowdStrike is distributing a cryptocurrency miner disguised as a CRM application, targeting job applicants. Additionally, a fake proof-of-concept for a Microsoft security flaw is being used to lure security researchers into downloading malware.
Threat Actor: Unknown
Victim: CrowdStrike
Key Points:
- The phishing email claims recipients have been shortlisted for a junior developer role, prompting them to download a malicious CRM tool.
- The downloaded application performs checks to evade detection before downloading the XMRig miner in the background.
- A separate attack uses a fake PoC for a Microsoft vulnerability to deliver an information stealer disguised as a legitimate tool.
- The malicious repository replaces exploit files with a binary that executes a PowerShell script to download further malware.
Source: https://thehackernews.com/2025/01/crowdstrike-warns-of-phishing-scam.html