Fake CrowdStrike 'Job Interviews' Become Latest Hacker Tactic
Cybercriminals have picked up a new tactic, impersonating CrowdStrike recruiters in order to distribute a cryptominer on their victims' devices.
This malicious campaign starts with an email, inviting the victim to schedule an interview with a recruiter for a position as a junior developer.
The illegitimate email contains a link, alleging that it will take the recipient to a site so they can schedule their interview, but in reality, takes the victim to a malicious website containing links to download a purported "CRM application."
"While interview and job-related phishing emails are not uncommon, this is a very targeted campaign that goes beyond the vast majority of malicious campaigns we see with this theme," said Chance Caldwell, senior director of the Phishing Defense Center at Cofense, in an emailed statement. "The campaign uses URLs that were created to look like they might actually belong to CrowdStrike, and the downloaded malware provides a pop-up that directs users to the real CrowdStrike support portal. Most of the use cases we see are lucky to have proper branding, much less the extended work done here to really portray themselves as CrowdStrike."
Malicious Recruiter Lures Target Both Windows & Mac
The site offers options for both Windows and macOS, and regardless of which option the victim chooses, once selected, it will download a Windows executable written in Rust. The executable will then download the cryptominer XMRig.
The executable runs several environmental checks to analyze the device and evade detection, such as scanning the running processes, verifying the CPU, and more.
If the checks are passed, the executable will display a false error message pop-up for the user, while downloading additional payloads needed to run the XMRig miner.
CrowdStrike, which identified the campaign just days ago, is warning job seekers to be vigilant, as this is not the only scam involving fake employment offers that's circulating out there.
It recommended avoiding any interviews carried out through instant message or email, and refusing to download any software for an interview, and it stressed the importance of verifying the authenticity of any CrowdStrike hiring communications by contacting [email protected].
"It is very unlikely that a recruiter will direct someone to download an executable as part of the interview process," Caldwell noted. "Any suspicious requests, such as this one, should be sufficiently verified before downloading anything, and contact information should be verified through the legitimate company website."
Russia Carves Out Commercial Surveillance Success Globally
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner
