Phishing Campaign Hides Malware in Resumes
August 30, 2019 Share

Phishing Campaign Hides Malware in Resumes

For many people, applying for a new job is a soul-crushing activity on a par with cleaning the bathroom in a six-person student dorm room.

Landing a new role can mean spending hours searching for positions, rewriting your resume and cover letter countless times and using LinkedIn to badger people you haven’t spoken to for years into giving you a reference.

Now cyber-criminals have given job seekers a fresh obstacle to contend with after targeting companies with a phishing campaign that hides malware in resumes sent as email attachments.

The advanced campaign, which uses multiple anti-analysis methods to deliver Quasar remote access tool (RAT), was uncovered by phishing defense service provider Cofense Intelligence.

Quasar RAT by itself isn’t dodgy, but this legitimate open-source remote administration tool that can be found on GitHub has a history of being abused.

“This campaign is concerning as the US-CERT identifies the Quasar RAT as a favored tool of advanced persistent threat actors. This means that the most dedicated cyber-criminals are seeking to utilize this tool to exploit networks,” said Carl Wearn, head of e-crime at Mimecast.

From the outside the campaign appeared simple but a closer looked showed that the threat actors had done their homework. First, they used an easily accessible tool that makes attributing the campaign to a specific threat actor as easy as teaching a rhino the clarinet.

Second, they laced the resume attachment document being used to deliver Quasar RAT with a multitude of measures designed to deter detection, including password protection and encoded macros.

Announcing its find, Cofense said that “educating employees on new phishing trends is the best way of countering a campaign such as this.”

Wearn added: “I would urge individuals, particularly those working within HR departments and used to receiving resumes or CVs, to be particularly vigilant for this form of attack. Organizations should ensure they have an up-to-date antivirus solution that can effectively resolve and detect this form of attack.”

This post Phishing Campaign Hides Malware in Resumes originally appeared on InfoSecurity Magazine.

Read More