Cybercriminals use malware-laden CVs to steal banking information

Security researchers have discovered malicious files disguised as online resumes that trick victims into giving up their banking passwords and other financial information. According to Check Point, the malicious Microsoft Excel files were sent via email with subject lines such as "apply for a job" or "about a job." When victims open the attachments, they are prompted to "activate content," which allows the ZLoader malware to be installed on their computers. This banking malware is designed to steal credentials and other private information from users of specific financial institutions. It can also steal all passwords and cookies stored in the victim's web browsers. With this stolen information, cybercriminals can log into the victim's system and conduct illicit financial transactions from the banking user's legitimate device.

Check Point researchers recently observed an increase in CV scams in the United States. In the last two months, the number of malicious CV-themed files has doubled, with 1 in 450 identified malicious files linked to a CV file, as cybercriminals attempt to exploit redundancies and pay systems during the pandemic.

Malicious sick leave forms

In addition to CVs containing malicious files, Check Point researchers also found an increase in malicious medical leave forms circulating online. The documents, which use names such as "COVID -19 FLMA Center.doc", infect victims with the IcedID banking malware, which targets banks, payment card providers, mobile service providers and e-commerce sites. The malware tries to trick users into submitting their credentials on a fake page, along with authorization details that can be used to compromise their accounts. These malicious files were sent via email under the subject line "The following is a new employee leave request form under the Family and Medical Leave Act (FMLA)." To entice victims to open these forms, cybercriminals sent them from different sender domains such as "medical-center.space."

Check Point Chief Data Intelligence Officer Omer Dembinsky provided additional insight into the company's researchers' findings, stating: "As unemployment rises, cybercriminals are working hard. They use CVs to obtain valuable information, especially about money and banking. I strongly encourage anyone who opens an email with a CV attached to think twice. It could very well be something you regret."