Fake job interview emails installing hidden cryptocurrency mining malware

The job market has been tough in recent years, especially in the tech industry. With many people actively seeking employment, scammers have found a new way to take advantage of job seekers. They are posing as recruiters and spreading crypto miners on people’s devices.

This new scam starts with an email inviting the recipient to schedule an interview for a job. However, when the person clicks on the link provided, it actually installs a malicious app that secretly mines cryptocurrency on their device. This app hijacks the computer’s resources, such as the CPU and GPU, causing a significant slowdown in performance.

The fraudulent emails are often pretending to be from recruiters at cybersecurity company CrowdStrike. The email contains a link that redirects the victim to a malicious website offering a download for a supposed “CRM application.” Regardless of whether the victim selects the Windows or macOS download option, the download will be a Windows executable written in Rust that downloads the XMRig cryptominer.

Once the cryptominer is installed on a device, it can severely impact its performance. The mining process requires a lot of computational power, causing the computer to slow down, become unresponsive, run hotter than usual, and consume more power. Prolonged use of cryptominers can even lead to hardware damage due to increased strain on components.

CrowdStrike is aware of this scam and advises individuals to stay vigilant. They recommend verifying the authenticity of communications and avoiding downloading unsolicited files. Additionally, they suggest educating employees on phishing tactics, monitoring for suspicious network traffic, and employing endpoint protection solutions to detect and block malicious activity.

To stay safe from job interview scams like this, it is important to check if you actually applied for the job, verify recruiter credentials, avoid downloading unsolicited files, inspect links before clicking, and use strong antivirus software to detect and block malicious downloads. By following these steps, you can protect yourself from falling victim to these types of scams.

In conclusion, it is crucial to be cautious when receiving unsolicited emails and to verify the authenticity of any links or downloads before clicking on them. By staying vigilant and using strong security measures, you can protect yourself from falling prey to scammers looking to exploit job seekers in the tech industry.