Fake job applications used to steal banking credentials
During May, researchers at Check Point saw a doubling in the number of malicious files sent by email claiming to be resumes or CVs from individuals, as hackers exploit the unemployment and remuneration schemes resulting from the COVID-19 pandemic.
In addition, they noted that seven percent of registered domains containing the word 'employment' are malicious. There has also been a 16 percent increase in malware attacks overall, compared to March and April.
Malicious files in Microsoft Excel format were sent as email attachments with subject lines such as 'applying for a job' or 'regarding job'. When victims opened the attached files, they were asked to 'enable content'. After enabling it, victims were infected with the infamous ZLoader malware, a banking malware designed to steal credentials and other private information from users of targeted financial institutions.
The malware is also capable of stealing passwords and cookies stored in victims' web browsers. Using the stolen information, the malware can allow threat actors to connect to the victim's system and make illicit financial transactions from the banking user's legitimate device.
Another related form of attack seen has been malicious medical leave forms. These documents, using names such as 'COVID -19 FLMA CENTER.doc', infect victims with what researchers call IcedID malware, a banking malware that targets banks, payment card providers, mobile services providers, as well as eCommerce sites.
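A mail-triage check for the delivery pattern described above (job-themed subject lines plus Office attachments that prompt to 'enable content'), added here as an example and not taken from Check Point's research. It assumes the prompt means the file is a macro-capable container; the function names and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_string, policy
from email.message import EmailMessage

# Subject phrases quoted in the article (matched case-insensitively).
LURE_SUBJECTS = ("applying for a job", "regarding job")
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls/.doc container

def macro_capable(data):
    """Return why an attachment can carry macros, or None."""
    if data.startswith(OLE2_MAGIC):
        return "legacy OLE2 Office file"
    if data.startswith(b"PK"):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return None
        if any(n.endswith("vbaProject.bin") or "/macrosheets/" in n for n in names):
            return "OOXML with VBA project or macro sheet"
    return None

def triage(raw):
    """Return one finding per macro-capable attachment in an RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    lure = any(p in (msg["Subject"] or "").lower() for p in LURE_SUBJECTS)
    findings = []
    for part in msg.iter_attachments():
        reason = macro_capable(part.get_payload(decode=True) or b"")
        if reason:
            findings.append(f"{'HIGH' if lure else 'REVIEW'}: {part.get_filename()}: {reason}")
    return findings

# --- constructed sample input (not real campaign data) ---
def fake_ooxml(*names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"")
    return buf.getvalue()

def sample(subject, filename, payload):
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Please see attached.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("Regarding job", "cv.xls", OLE2_MAGIC + b"\0" * 8)))
```

The check looks at file content rather than the extension, so a renamed attachment is still classified by its container type.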
Omer Dembinsky, manager of data intelligence at Check Point, says, "As unemployment rises, cyber criminals are hard at work. They are using CVs to gain precious information, especially as it relates to money and banking. I strongly urge anyone opening an email with a CV attached to think twice. It very well could be something you regret."
You can read more on the Check Point blog.