Phishing Campaign Hides Malware in Resumes

For many people, applying for a new job is a soul-crushing activity on a par with cleaning the bathroom in a six-person student dorm room. 

Landing a new role can mean spending hours searching for positions, rewriting your résumé and cover letter countless times and using LinkedIn to badger people you haven’t spoken to for years into giving you a reference. 

Now cyber-criminals have given job seekers a fresh obstacle to contend with after targeting companies with a phishing campaign that hides malware in résumés sent as email attachments.

The advanced campaign, which uses multiple anti-analysis methods to deliver the Quasar remote access tool (RAT), was uncovered by phishing defense service provider Cofense Intelligence.

Quasar RAT by itself isn’t dodgy, but this legitimate open-source remote administration tool that can be found on GitHub has a history of being abused.

“This campaign is concerning as the US-CERT identifies the Quasar RAT as a favored tool of advanced persistent threat actors. This means that the most dedicated cyber-criminals are seeking to utilize this tool to exploit networks,” said Carl Wearn, head of e-crime at Mimecast.

From the outside the campaign appeared simple, but a closer look showed that the threat actors had done their homework. First, they used an easily accessible tool that makes attributing the campaign to a specific threat actor as easy as teaching a rhino the clarinet.

Second, they laced the résumé attachment document being used to deliver Quasar RAT with a multitude of measures designed to deter detection, including password protection and encoded macros. 

Announcing its find, Cofense said that “educating employees on new phishing trends is the best way of countering a campaign such as this.”

Wearn added: “I would urge individuals, particularly those working within HR departments and used to receiving résumés or CVs, to be particularly vigilant for this form of attack. Organizations should ensure they have an up-to-date antivirus solution that can effectively resolve and detect this form of attack.”

Cobel, Sarah. “Phishing Campaign Hides Malware in Resumes” 2019 August

Because employees are the core of any business, they will be the main target for cyber-criminals. Making sure your people stay up-to-date with cyber-security knowledge, and teaching them to recognize threats is imperative to the security of your business. The threat landscape is constantly evolving and so should your approach to defense.

We offer security awareness training and phishing simulations to test employees on how they would respond to a real-life phishing attack. For the best measurement of all employees' awareness, we send mock attacks at staggered times, to avoid the “prairie dog effect” where employees warn one another of the email.

Through these test campaigns we track and measure your employees' strengths and weaknesses, and once a learning gap is detected, we deliver interactive educational videos to the most susceptible users.

One of our most important roles as a technology service provider is to protect the assets of our clients. No matter how big or small your business is, a single compromised credential could put your entire business at risk. Give us a call to further discuss how we can help in protecting your business against cybersecurity threats and how we can make technology work for your business. Call us now at 732.780.8615
