Scammers are targeting job seekers with a phishing campaign that installs a cryptominer onto victims’ devices. Victims receive a fraudulent email from fake recruiters suggesting they schedule a job interview. However, the supplied link redirects to a malicious website, causing a download of a ‘CRM application’, which is actually a Windows executable written in Rust. On execution, it downloads the XMRig cryptominer, hijacking the computer’s resources affecting performance, and potentially causing hardware damage.
The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.
