Recruitment Phishing Scam Imitates Hiring Process

Jan. 10, 2025, 1:12 p.m.

Description

A sophisticated phishing campaign has been discovered that exploits recruitment branding to deliver malware. The attack begins with a phishing email impersonating a recruitment process, directing victims to a malicious website. Users are prompted to download a fake application, which serves as a downloader for the XMRig cryptominer. The malware performs environment checks to evade detection, downloads configuration files and the XMRig executable, and establishes persistence through multiple methods. This campaign highlights the importance of vigilance against phishing scams, particularly those targeting job seekers. Organizations are advised to educate employees on phishing tactics, monitor for suspicious network traffic, and employ endpoint protection solutions to detect and block malicious activity.

External References

https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process
https://otx.alienvault.com/pulse/67810fc87f1cc5b6d8ca91d6
Tags
phishing
social engineering
cryptominer
recruitment
2025-01-10
job seekers

Date

  • Created: Jan. 10, 2025, 12:17 p.m.
  • Published: Jan. 10, 2025, 12:17 p.m.
  • Modified: Jan. 10, 2025, 1:12 p.m.

Indicators

  • 96558bd6be9bcd8d25aed03b996db893ed7563cf10304dffe6423905772bbfa1
  • 7c370211602fcb54bc988c40feeb3c45ce249a8ac5f063b2eb5410a42adcc030
  • 62f3a21db99bcd45371ca4845c7296af81ce3ff6f0adcaee3f1698317dd4898b
  • 93.115.172.41
  • cscrm-hiring.com
Download all indicators here!

Attack Patterns

  • XMRig