New Phishing Campaign Detected – Malware Hides in Resume and Medical Leave Forms

In this changing business climate, where hundreds of thousands of people are searching for jobs, hackers are taking advantage of the situation by sending phishing emails. What a pity.

Earlier this year, hackers used the COVID-19 pandemic to spread malware, and now they are using fake CVs and medical forms to spread banking Trojans and data stealers. With this, a 16% rise in cyber-attacks has been noticed.

Who Blew the Whistle about the Latest Phishing Campaign?

Researchers at Check Point discovered that, to spread malware and steal data, threat actors are sending malicious Microsoft Excel files in emails with a subject like applying for a job or regarding the post.

When the victim opens one of these attachments, the ZLoader malware is enabled and gets installed on the computer.

This malware targets financial institutions and the cookies and passwords stored in the web browser. Hence, knowing how to delete browser cookies and history will help.

What is ZLoader malware?

It is banking malware designed to target financial institutions and steal banking details and other private information.

Alongside this, the malware can steal cookies, passwords stored in the web browser, etc. Using this information, cybercriminals get an easy pass to connect to the victim’s machines and make illegal transactions from legitimate devices.

Due to this, an increase in CV-themed scams has been seen, and 1 out of 450 files has been found to have a malicious CV attachment. This means cybercriminals are trying their best to exploit compensation and salary schemes run by the government during the pandemic.


Malicious medical leave forms

In addition to spreading malware via CVs, threat actors are also using medical leave forms to spread malware.

Documents with names like “COVID -19 FLMA Center.doc” infect victims’ machines with the IcedID banking malware. The malware is designed to trick users into submitting their credentials and authorization details on a hoax site. Usually, banking and payment sites, mobile service providers, e-commerce sites, etc. are targeted by the IcedID malware.

To spread the malware, an email with the subject line “The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)” is sent. This pushes victims into opening the forms, thereby infecting medical domains.

Will there be an end to these attacks?

No one can guarantee that, but looking at the rise in the number of attacks, it seems things will get worse. In March, when the pandemic was at its peak, a 30% rise in malware attacks was seen, and now, when things are settling, hackers have found a new way to target people.

This shows we cannot stop them, but we can surely stay one step ahead if we stay cautious and keep preventive measures in place.


What are your thoughts? Do you think we can do anything about these latest hacks? If you have anything in mind, please share your thoughts in the comments box below.
