- CrowdStrike warns that it is being imitated in a malware campaign
- Scammers send fake job offers in an attempt to deploy XMRig
- The campaign has only been active for a few days, so pay attention
Hackers are impersonating well-known cybersecurity firm CrowdStrike in a malware delivery campaign, the company warned.
In a blog post, it urged software developers to be extra careful when interacting with people online, as unidentified cybercriminals have created a fake CrowdStrike website to host malware.
They then contact software developers through the usual channels and offer them a job at CrowdStrike. Those who show interest are invited to download the “Employee CRM Application” from the website, but in reality this is a popular cryptojacker called XMRig, which mines the Monero currency for the attackers.
Why Monero?
Monero is a popular choice among cybercriminals because it is designed as a privacy coin and is relatively difficult to track. XMRig is currently the most popular mining malware and can be found everywhere from cloud hosting servers to consumer computers. Normally, crypto miners are easy to spot because they consume most of the computing power of the infected device. The computers are rendered virtually useless, which is a red flag that can be easily picked up.
However, in this case, the attackers limited XMRig’s maximum power consumption to 10% to avoid being detected. Additionally, the malware adds a batch script to the Startup menu folder to ensure it always runs during startup.
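The two traits described above, a miner capped near 10% and a batch script in the Startup folder, can each be checked for on a Windows host. The following Python sketch is an added example, not code from CrowdStrike or the original article; the extension list, thresholds, process names and CPU samples are assumptions constructed for illustration.

```python
import os
import statistics
from pathlib import Path

# File types worth reviewing when found in a Startup folder (assumed list).
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}

def startup_dirs(env=os.environ):
    """Per-user and all-users Windows Startup folders, from the environment."""
    tail = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    return [Path(env[v]) / tail for v in ("APPDATA", "PROGRAMDATA") if v in env]

def startup_scripts(dirs):
    """Return script files sitting directly in the given folders, sorted."""
    hits = []
    for d in dirs:
        if d.is_dir():  # skip folders that do not exist on this host
            hits += [p for p in d.iterdir()
                     if p.is_file() and p.suffix.lower() in SCRIPT_EXTS]
    return sorted(hits)

def steady_low_cpu(samples, low=5.0, high=15.0, max_stdev=2.0, min_samples=30):
    """True when CPU use stays flat inside a low band for the whole window.

    A miner capped near 10% never trips a "CPU pegged" alert, but unlike
    interactive software it holds that share with almost no variation.
    Thresholds are assumed values; samples are percent of total CPU.
    """
    if len(samples) < min_samples:
        return False  # window too short to call the load sustained
    mean = statistics.mean(samples)
    return low <= mean <= high and statistics.pstdev(samples) <= max_stdev

# Constructed telemetry: 30 CPU samples per process (not real measurements).
SAMPLE_CPU = {
    "browser.exe": [0.0, 30.0, 3.0] * 10,      # bursty, averages 11%
    "updater.exe": [10.0, 9.5, 10.5] * 10,     # flat at about 10%
    "renderjob.exe": [95.0] * 30,              # pegged, caught by usual alerts
}

def flag_processes(cpu_by_process):
    """Names of processes whose samples look like a throttled, steady load."""
    return sorted(n for n, s in cpu_by_process.items() if steady_low_cpu(s))

if __name__ == "__main__":
    for path in startup_scripts(startup_dirs()):
        print("startup script:", path)
    print("steady low-CPU processes:", flag_processes(SAMPLE_CPU))
```

A flagged process or Startup script is a lead for review, not a verdict: legitimate background services can also hold a steady low load.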
CrowdStrike believes the campaign hasn’t been going on for very long, but fake job offers are a common occurrence on the internet these days, with North Korean group Lazarus putting the tactic in the spotlight.
This organization is known for its ‘Operation DreamJob’ campaign, which uses fake jobs to target software developers and high-profile individuals in the technology, aerospace, defense and government sectors.
Via BleepingComputer