A sophisticated phishing campaign has been discovered that exploits recruitment branding to deliver malware. The attack begins with a phishing email impersonating a recruitment process, directing victims to a malicious website. Users are prompted to download a fake application, which serves as a downloader for the XMRig cryptominer. The malware performs environment checks to evade detection, downloads configuration files and the XMRig executable, and establishes persistence through multiple methods. This campaign highlights the importance of vigilance against phishing scams, particularly those targeting job seekers. Organizations are advised to educate employees on phishing tactics, monitor for suspicious network traffic, and employ endpoint protection solutions to detect and block malicious activity.
Author: AlienVault
Related Tags:
job seekers
cryptominer
XMRig
T1547.001
T1059.003
T1012
social engineering
T1057
T1083
Associated Indicators:
96558BD6BE9BCD8D25AED03B996DB893ED7563CF10304DFFE6423905772BBFA1
B26AABCB0E44AF091F8ADC8BD9C44CA2831B0463
7D6B277566CD13C79FC985CD532837AE
cscrm-hiring.com
93.115.172.41