Cybersecurity firm CrowdStrike warns of fake job offers spreading XMRig miner

CrowdStrike has warned of a new phishing campaign that mimics its recruitment process to deliver the Monero miner via a fake app download.

Global cybersecurity provider CrowdStrike has identified a phishing campaign exploiting its recruitment emails to distribute malicious Monero (XMR) mining software.

In a blog postThe Austin-based company explained that the scam uses fake job offers to trick people into downloading an app that installs the XMRig miner on their system. CrowdStrike claims the phishing emails impersonate its recruiting process, luring victims to a fake website. There, they are asked to download a “CRM app for employees”, which is actually a downloader for the cryptominer.

“The attack begins with a phishing email impersonating CrowdStrike recruiting, directing recipients to a malicious website. Victims are asked to download and run a fake application, which serves as a downloader for the XMRig cryptominer.

Crowd strike

CrowdStrike explained that the downloaded file checks the victim’s system to avoid detection. “If these checks pass, the executable displays a false error message before continuing,” the company said. After that, the malicious application downloads and installs the XMRig miner.

CrowdStrike says the phishing site, cscrm-hiring[.]com, hosts the fake CRM application and urges job seekers to be careful, emphasizing that it never asks candidates to download software during the recruitment process.

The latest campaign is once again a good reminder that crypto scams can appear behind fake job offers. A similar incident occurred during the Ronin network hack 2022where North Korean state-backed hacking collective Lazarus Group tricked an employee with a phishing email into opening a malicious PDF file, leading to the theft of more than 600 million dollars in crypto.