Cybercriminals are impersonating CrowdStrike recruiters to lure job seekers into downloading malware under the guise of job offers. Victims receive phishing emails directing them to a fake CrowdStrike website, where they are tricked into installing a malicious app that deploys XMRig, a cryptominer used to mine Monero cryptocurrency. The malware evades detection by limiting CPU usage, scanning for security tools, and establishing persistence with startup scripts. This campaign highlights a broader trend of fake job scams, similar to tactics used by the Lazarus group. CrowdStrike advises verifying job offers through official channels, avoiding unsolicited downloads, and using endpoint protection to mitigate risks. Continue here.
