sb-eu logo
Story image

New phishing campaign disguises malware as CV attachments

04 Jun 2020

Organisations are being warned about bogus CVs being sent to workplace emails, containing malicious files attached in Microsoft Excel format.

Researchers at Check Point have blown the whistle on the phishing campaign, which begins with the subject line ‘applying for a job’ or ‘regarding job’ and features an attached file, which if opened, launches the ZLoader malware.

This malware then attempts to hijack private information, credentials from users of targeted financial institutions, and passwords and cookies stored in web browsers. Attackers can then exploit these acquisitions to make financial transactions.

It comes as resume or CV-themed scams have doubled in the past two months, with one out of every 450 malicious files reported involving CVs. It’s part of a wider campaign by cyber attackers across the world to exploit the worldwide crisis by any means necessary.

“As unemployment rises, cyber criminals are hard at work,” says Check Point manager of data intelligence Omer Dembinsky.

“They are using CVs to gain precious information, especially as it relates to money and banking. I strongly urge anyone opening an email with a CV attached to think twice. It very well could be something you regret.”

As jobs are lost across the world as a direct result of the COVID-19 pandemic, threat actors have seized on the opportunity, with Check Point reporting the registration of 250 new domains containing the word ‘employment’ in May alone.

Researchers found that 7% of these domains were malicious and another 9% suspicious. 

In the same month, Check Point witnessed an average of more than 158,000 COVID-19-related attacks each week. When compared to April, this is a 7% decrease. 

Domains names referencing ‘coronavirus’ or ‘COVID-19’ continue their status as hot property, with the registration of 10,704 domains of this nature in the past four weeks - 2.5% of them were malicious (256) and another 16% (1,744) suspicious, according to Check Point.

Researchers have also discovered a trend in malicious medical leave forms. 

Leading with the subject line ‘The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)’, and coming from seemingly credible domains like ‘’, victims were lured into opening malicious attachments.

Once opened, victims were infected with what researchers call IcedID malware, a banking malware that targets banks, payment card providers, mobile services providers, as well as e-commerce sites.  

The malware’s aim is to trick users to submit their credentials on a fake page, which are sent to an attacker’s server.

Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Sophos named mobile security Leader in IDC MarketScape
Sophos Intercept X for Mobile has capabilities in protecting Android, iOS and Chrome OS users from known and never before seen mobile threats.More
Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Cryptomining trojan malware discovered by ESET researchers
The malware, primarily targeting victims in Czechia and Slovakia, prioritises subterfuge through deployment of multiple techniques to avoid detection, and leans heavily on the Tor network and BitTorrent protocol to achieve its goals.More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More