BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

French Firms Targeted by Resume-Carrying Cryptomining Malware

Phishing campaign uses fake French resumes to deploy rapid crypto-mining and data-stealing malware on corporate networks.

  • A phishing campaign uses fake, obfuscated French-language resumes to deliver malware that mines cryptocurrency and steals data.
  • The attack chain completes in just 25 seconds and specifically targets domain-joined corporate machines, excluding home systems.
  • Threat actors abuse legitimate services like Dropbox, WordPress, and mail[.]ru for payload delivery, command-and-control, and data exfiltration.
  • The malware disables security controls, deletes forensic evidence, and uses the official WinRing0 driver to maximize CPU mining.

A new phishing campaign, codenamed FAUX#ELEVATE, is actively targeting French-speaking businesses with fraudulent resumes that deploy cryptocurrency miners and information stealers, according to a report from Securonix researchers.

- Advertisement -

The campaign delivers highly obfuscated VBScript files disguised as corrupted documents. However, these scripts perform sandbox checks and repeatedly prompt for admin rights in a persistent UAC loop.

Consequently, a massive 9.7MB dropper file, containing only 266 lines of real code amidst junk text, springs into action. It first ensures execution only on enterprise systems by checking the domain-join status using WMI.

Once administrative access is granted, the malware swiftly disables Microsoft Defender and UAC before deleting itself. It then fetches password-protected toolkits from Dropbox containing credential stealers and a Monero miner.

The attackers use tools like ChromElevator to bypass browser encryption and steal data. Meanwhile, a separate component retrieves mining configuration from a compromised Moroccan WordPress site to run the XMRig miner at full capacity.

- Advertisement -

Stolen browser credentials and desktop files are exfiltrated via mail[.]ru SMTP servers to an attacker-controlled address. The researchers noted, “The full infection chain completes in approximately 25 seconds from initial VBS execution to credential exfiltration.”

Finally, the malware executes an aggressive cleanup of most dropped tools to minimize its forensic footprint. This leaves only the persistent miner and a trojan that modifies firewall rules on the compromised host.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Must Read

Symbiosis Crypto Bridge: Your Guide to Moving Assets Between Blockchains

What is a Cross-Chain Crypto Bridge?Why Choose Symbiosis for Your Cross-Chain Needs?Support for 50+ BlockchainsAutomatic Routing for the Best RatesNo Need for RegistrationDirect Wallet...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading