- CrowdStrike warns that it is being impersonated in a malware campaign
- Criminals offer fake jobs in attempt to deploy XMRig
- The campaign has only been active for a few days, so keep in mind
Hackers are impersonating well-known cybersecurity company CrowdStrike in a malware distribution campaign, the company has warned.
In a blog post, the company urged software developers to be very careful when interacting with people online, as unidentified cybercriminals have created a fake CrowdStrike website that hosts malware.
The attackers then contact software developers through the usual channels and offer them a job position within CrowdStrike. Those who show interest are invited to download the “employee CRM app” from the website, but it is actually a popular cryptojacker called XMRig, which mines the Monero currency for the attackers.
Why Monero?
Monero is a popular choice among cybercriminals as it is designed as a privacy coin and is relatively difficult to trace. XMRig is the most popular mining malware right now and is found everywhere from cloud hosting servers to consumer computers. Cryptominers are usually easy to detect as they consume most of the infected device’s computing power. Computers become practically unusable, which is an easily detected warning sign.
However, in this case, the attackers limited XMRig to a maximum of 10% of the device’s computing power to avoid detection. Additionally, the malware adds a batch script to the Start Menu’s Startup directory to ensure that it always runs at boot.
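Because a miner capped at 10% will not produce the usual slowdown, the Startup folder is the more reliable place to look. The following PowerShell audit is an added example, not code from CrowdStrike or the original article; the extension list is an assumption, and the script only reads files.

```powershell
# Added example: list script files in Windows Startup folders (read-only).
# Run from an elevated prompt to be able to read every user's profile.

# File types to report (assumed list; extend as needed).
$watchExt = '.bat', '.cmd', '.vbs', '.js'

# All-users Startup folder plus the per-user Startup folder of each local profile.
$startupDirs = @([Environment]::GetFolderPath('CommonStartup'))
$usersRoot   = Split-Path -Path $env:PUBLIC -Parent
$startupDirs += Get-ChildItem -Path $usersRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    }

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $watchExt -contains $_.Extension } |
        ForEach-Object {
            [pscustomobject]@{
                Path       = $_.FullName
                CreatedUtc = $_.CreationTimeUtc
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                # The first lines of a batch script show what it launches at logon.
                Preview    = if ($_.Extension -in '.bat', '.cmd') {
                                 (Get-Content -LiteralPath $_.FullName -TotalCount 5) -join ' | '
                             } else { '' }
            }
        }
}

# Newest entries first: a recently created script nobody recognises deserves a closer look.
$findings | Sort-Object CreatedUtc -Descending | Format-List
```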
CrowdStrike believes the campaign has not been running for long, but fake job offers are commonplace on the internet these days, a tactic that the North Korean group Lazarus has put in the spotlight.
The group is known for its “Operation DreamJob” campaign, which targets software developers and high-profile people in the technology, aerospace, defense and government industries with fake jobs.
Via BleepingComputer