CrowdStrike warns it is being impersonated in a malware campaign
Crooks are offering fake job positions, in an attempt to deploy XMRig
The campaign has only been active for a few days, so be aware
Hackers are impersonating well-known cybersecurity company CrowdStrike in a malware delivery campaign, the company has warned.
In a blog post, it urged software developers to be extra careful when engaging with people online, as unidentified cybercriminals have created a fake CrowdStrike website to host malware.
The attackers then reach out to software developers via the usual channels and offer a job position within CrowdStrike. Those who show interest are invited to download the “employee CRM application” from the website – but in reality, this is a popular cryptojacker called XMRig, which mines the Monero currency for the attackers.
Why Monero?
Monero is a popular choice among cybercriminals since it is designed as a privacy coin, and is relatively difficult to trace. XMRig is the most popular mining malware at the moment, found everywhere from cloud hosting servers to consumer computers. Usually, cryptominers are easy to spot, since they consume most of the infected device’s computing power. The computers are rendered practically useless, which is a red flag that is easily picked up.
However, in this case, the attackers limited XMRig’s maximum power consumption to 10%, in order to avoid being detected. Furthermore, the malware adds a batch script in the Start Menu Startup directory, to make sure it always runs on boot.
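
Because a throttled miner will not show up as an obviously slow machine, the persistence artifact is the more reliable thing to check. The following is an added example, not code from CrowdStrike or the original report, that lists script files in the Startup folders for review; the extension list and the 14-day window are assumptions.

```powershell
# Added example: triage of script files in the Windows Startup folders.
# The extension list and the 14-day window are assumptions, not values from the report.
$extensions = '.bat', '.cmd', '.vbs', '.js', '.ps1'
$cutoff     = (Get-Date).AddDays(-14)

# Per-user and all-users Startup directories, resolved by the OS rather than hard-coded.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($dir in $startupDirs) {
    # -Force includes hidden files, which a dropper may use to stay out of sight.
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            [pscustomobject]@{
                Path    = $_.FullName
                Created = $_.CreationTime
                Recent  = $_.CreationTime -gt $cutoff
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                # The first lines show what the script launches at logon.
                Preview = (Get-Content -LiteralPath $_.FullName -TotalCount 5 -ErrorAction SilentlyContinue) -join ' | '
            }
        }
}

# Newest entries first; an unexpected recent script is the item to investigate.
$findings | Sort-Object Created -Descending | Format-List
```

Run per user account, since the per-user Startup path resolves for whoever executes the script.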
CrowdStrike believes that the campaign hasn’t been going on for too long, but fake jobs are a common occurrence on the internet these days, with the North Korean group Lazarus bringing the tactic into the spotlight.
This organization is known for its “Operation DreamJob” campaign, targeting software developers and high-profile individuals in technology, aerospace, defense, and government industries, with fake jobs.
Via BleepingComputer