CrowdStrike disclosed that threat actors have impersonated the cybersecurity firm in a new recruitment phishing scheme aimed at compromising targets with the XMRig cryptomining malware, reports BleepingComputer.
CrowdStrike said intrusions started with the delivery of a malicious email purporting to be from a CrowdStrike employment agent. The email included a link for downloading an employee CRM app; when clicked, the link redirected to a CrowdStrike-spoofing website offering Windows and macOS versions of the app.
According to CrowdStrike, once downloaded, the app conducts continuous sandbox checks and then displays a bogus error message while fetching a configuration text file for XMRig execution. It then downloads the ZIP archive containing the cryptominer, which is deployed in the background to conceal malicious activity.