CrowdStrike has warned of a new phishing campaign that mimics its recruitment process to deliver a Monero miner via a fake app download.
Global cybersecurity firm CrowdStrike has identified a phishing campaign that uses recruitment emails to distribute a malicious Monero (XMR) mining program.
In a blog post, the Austin-headquartered company explained that the scam uses fake job offers to trick people into downloading an app that installs an XMRig miner on their system. CrowdStrike says the phishing emails impersonate its recruitment process, luring victims to a fake website. There, they are asked to download an “employee CRM app,” which is actually a downloader for the miner.
“The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website. Victims are asked to download and run a fake application, which acts as a downloader for the XMRig encryption software.”
CrowdStrike
CrowdStrike explained that the downloaded file checks the victim's system to avoid detection. “If these tests are passed, the executable will display a fake pop-up error message before continuing,” the company said. The malicious application then downloads and installs the XMRig miner.
CrowdStrike says the phishing site, cscrm-hiring(.)com, hosts the fake CRM app. The company urges job seekers to be careful, stressing that it never asks candidates to download software during the hiring process.
The latest campaign is another reminder that cryptocurrency scams can hide behind fake job offers. A similar incident occurred in the 2022 Ronin network hack, in which North Korea's state-backed hacking group Lazarus Group tricked an employee with a phishing email, causing them to open a malicious PDF file, leading to the theft of over $600 million in cryptocurrency.