A scam has recently been identified that impersonates the CrowdStrike recruitment process and tricks recipients into downloading the XMRig cryptocurrency miner. Initial contact is made via email, with the email using CrowdStrike branding offering an Interview with the company.
The emails claim that the next phase of the hiring process is a 15-minute call with the hiring team; however, this year, the company is rolling out a new applicant and employee CRM app. The recipient is instructed to click the employee CRM application button, which triggers the download of a fake application for scheduling the interview. Recipients are given the option of downloading a Windows or MacOS version of the application; however, the downloaded file is an XMRig installer. When executed, checks are performed of the environment to determine if a debugger is attached to the process, the device is checked to ensure it has two cores and is suitable for cryptocurrency mining, and checks are performed to identify virtualization and running processes to prevent execution in a sandbox environment. If the checks are passed, a copy of XMRig is downloaded from GitHub and executed. If the checks are passed, the user is presented with an error message, advising them that the installation has failed, potentially due to a hardware compatibility issue. The user is told to try again by downloading the application on another device, potentially infecting a second device with XMRig.
Jobseekers are often targeted in phishing scams. In the hunt for a job, they can be susceptible to phishing attempts, forgetting their security awareness training in the hope of landing an exciting new position. Fraudsters often claim to be recruitment agents who have identified individuals for a lucrative job and may even claim that the job is theirs based on information found on professional networking sites or from headhunting activities. According to the Better Business Bureau, recruitment scams result in losses of around $2 billion each year, and these scams are becoming more common.
The scammers often seek personal information and usually require the payment of a nominal charge for job placement or training, or in this case, the goal is malware delivery. Initial contact may be made via email to a personal email address; however, this could easily result in malware being installed on a corporate-owned device. As with all phishing attempts, vigilance is key. Regardless of the subject of an email or the offer or threat contained therein, all emails should be subject to checks to assess the authenticity of the email.
For businesses, TitanHQ offers a comprehensive security awareness training platform for training workforce members on cybersecurity best practices and common threats. The platform includes hundreds of computer-based training modules covering all aspects of security. The training modules are no longer than 10 minutes, are enjoyable and engaging, and can be easily combined into training courses tailored for job roles or individuals. New content is frequently added in response to changing tactics, techniques, and procedures of threat actors to keep employees up to date on the threats they are likely to encounter.
The platform also includes a phishing simulator for assessing the effectiveness of training and identifying individuals who are susceptible to phishing attempts to ensure they receive the additional training they need. Through regular security awareness training and phishing simulations using the SafeTitan platform, businesses have been able to make measurable improvements to their human defenses, reducing susceptibility to phishing attempts by up to 80%. If you have yet to implement a security awareness training program or your employees are still falling for phishing attempts, give the TitanHQ team a call about the SafeTitan platform.