sb-au logo
Story image

New phishing campaign disguises malware as CV attachments

04 Jun 2020

Organisations are being warned about bogus CVs being sent to workplace emails, containing malicious files attached in Microsoft Excel format.

Researchers at Check Point have blown the whistle on the phishing campaign, which begins with the subject line ‘applying for a job’ or ‘regarding job’ and features an attached file, which if opened, launches the ZLoader malware.

This malware then attempts to hijack private information, credentials from users of targeted financial institutions, and passwords and cookies stored in web browsers. Attackers can then exploit these acquisitions to make financial transactions.

It comes as resume or CV-themed scams have doubled in the past two months, with one out of every 450 malicious files reported involving CVs. It’s part of a wider campaign by cyber attackers across the world to exploit the worldwide crisis by any means necessary.

“As unemployment rises, cyber criminals are hard at work,” says Check Point manager of data intelligence Omer Dembinsky.

“They are using CVs to gain precious information, especially as it relates to money and banking. I strongly urge anyone opening an email with a CV attached to think twice. It very well could be something you regret.”

As jobs are lost across the world as a direct result of the COVID-19 pandemic, threat actors have seized on the opportunity, with Check Point reporting the registration of 250 new domains containing the word ‘employment’ in May alone.

Researchers found that 7% of these domains were malicious and another 9% suspicious. 

In the same month, Check Point witnessed an average of more than 158,000 COVID-19-related attacks each week. When compared to April, this is a 7% decrease. 

Domains names referencing ‘coronavirus’ or ‘COVID-19’ continue their status as hot property, with the registration of 10,704 domains of this nature in the past four weeks - 2.5% of them were malicious (256) and another 16% (1,744) suspicious, according to Check Point.

Researchers have also discovered a trend in malicious medical leave forms. 

Leading with the subject line ‘The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)’, and coming from seemingly credible domains like ‘’, victims were lured into opening malicious attachments.

Once opened, victims were infected with what researchers call IcedID malware, a banking malware that targets banks, payment card providers, mobile services providers, as well as e-commerce sites.  

The malware’s aim is to trick users to submit their credentials on a fake page, which are sent to an attacker’s server.

Story image
Palo Alto Networks turns attention to supporting remote workforces
"We’re working with more organisations to pivot their security architecture and move towards a cloud-delivered security model that can safely connect any user, to any application, from anywhere.”More
Story image
Stalkerware remains significant problem throughout COVID lockdowns
Stalkerware remains a significant problem with more 50,0000 users affected globally in 2020.More
Story image
Kaspersky ranked number one in channel partner satisfaction
“Being recognised for the second consecutive year as the number one cybersecurity vendor for channel satisfaction, reflects the investment we have made in the Kaspersky United partner program over the past two years."More
Story image
Leader wins Acronis distribution agreement, brings cyber protection solutions to Aus
The agreement covers the entire Acronis Cyber Protect Cloud solution portfolio, which includes cybersecurity, backup, disaster recovery, secure file sync and share, as well as notary services.More
Story image
Investing in digital trust for the post-pandemic business landscape
Business leaders in 2021 need to make sustainable investments to give their organisations a much-needed resilience boost to tackle new disruptions, while still enabling growth.More
Story image
Essential tools for managing user identity and how they impact your bottom line
Customer identity and access management (CIAM) is how companies give their end-users access to their digital properties, as well as how they govern, collect, analyse, and securely store data for those users.More