A sophisticated phishing campaign has been discovered that exploits recruitment branding to deliver malware. The attack begins with a phishing email impersonating a recruitment process, directing victims to a malicious website. Users are prompted to download a fake application, which serves as a downloader for the XMRig cryptominer. The malware performs environment checks to evade detection, downloads configuration files and the XMRig executable, and establishes persistence through multiple methods. This campaign highlights the importance of vigilance against phishing scams, particularly those targeting job seekers. Organizations are advised to educate employees on phishing tactics, monitor for suspicious network traffic, and employ endpoint protection solutions to detect and block malicious activity.