Summary: CrowdStrike has identified a phishing campaign that impersonates the company, targeting job seekers with fake job offer emails to distribute a Monero cryptocurrency miner. The campaign tricks victims into downloading a malicious application disguised as an employee CRM tool.
Threat Actor: Unknown | unknown
Victim: Job Seekers | job seekers
Key Point :
- Phishing emails impersonate CrowdStrike, thanking candidates for applying for a developer position.
- Victims are directed to download a malicious application from a fake CrowdStrike portal.
- The downloaded tool performs checks to avoid detection before installing a Monero miner.
- Malware runs in the background with minimal resource usage and establishes persistence on the victim’s system.
- Job seekers are advised to verify recruiter identities and be cautious of unusual requests.