Security News > 2020 > June > Cybercriminals now spoofing job hunters to deploy password-stealing malware
Malicious files masquerading as curriculum vitae are being sent to businesses to install malware that can capture passwords and other sensitive information, says Check Point Research.
In a new malware campaign spotted by cyber threat intelligence provider Check Point Research, attackers spoof job seekers by sending out emails with file attachments that claim to be curriculum vitae.
Instead, the files house malware capable of stealing user credentials and other private information.
Included in the email is a Microsoft Excel file with a name indicating that this is the person's CV. If the unsuspecting employee clicks on the Excel attachment, a macro in the file runs and downloads its malicious payload, namely the Zloader malware.
Watch out for well-known banking malware such as Zeus and its variants being reintroduced into the attack surface.