
New phishing campaign disguises malware as CV attachments

04 Jun 2020

Organisations are being warned about bogus CVs being sent to workplace emails, containing malicious files attached in Microsoft Excel format.

Researchers at Check Point have blown the whistle on the phishing campaign, which begins with the subject line ‘applying for a job’ or ‘regarding job’ and features an attached file which, if opened, launches the ZLoader malware.

This malware then attempts to hijack private information, credentials from users of targeted financial institutions, and passwords and cookies stored in web browsers. Attackers can then exploit these acquisitions to make financial transactions.

It comes as resume or CV-themed scams have doubled in the past two months, with one out of every 450 malicious files reported involving CVs. It’s part of a wider campaign by cyber attackers across the world to exploit the worldwide crisis by any means necessary.

“As unemployment rises, cyber criminals are hard at work,” says Check Point manager of data intelligence Omer Dembinsky.

“They are using CVs to gain precious information, especially as it relates to money and banking. I strongly urge anyone opening an email with a CV attached to think twice. It very well could be something you regret.”

As jobs are lost across the world as a direct result of the COVID-19 pandemic, threat actors have seized on the opportunity, with Check Point reporting the registration of 250 new domains containing the word ‘employment’ in May alone.

Researchers found that 7% of these domains were malicious and another 9% suspicious. 

In the same month, Check Point witnessed an average of more than 158,000 COVID-19-related attacks each week. When compared to April, this is a 7% decrease. 

Domain names referencing ‘coronavirus’ or ‘COVID-19’ continue their status as hot property, with the registration of 10,704 domains of this nature in the past four weeks - 2.5% of them were malicious (256) and another 16% (1,744) suspicious, according to Check Point.

Researchers have also discovered a trend in malicious medical leave forms. 

Leading with the subject line ‘The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)’, and coming from seemingly credible domains like ‘’, victims were lured into opening malicious attachments.

Once opened, victims were infected with what researchers call IcedID malware, a banking malware that targets banks, payment card providers, mobile services providers, as well as e-commerce sites.  

The malware’s aim is to trick users into submitting their credentials on a fake page, from which they are sent to an attacker’s server.
