Coronavirus crisis spurs crooks to email malware-infested resumes


New research shows that cybercrooks are continuing to leverage the Covid-19 pandemic by targeting businesses with spoofed CVs and medical-leave forms to spread banking Trojans and information-stealers.

Security researchers at cyber security company Check Point have logged an increase in spoofed resumes and medical leave requests containing dangerous malware over the past few months. 

The firm said the ratio of CV-themed campaigns in the US had doubled in the last two months. It found that one out of every 450 malicious files is a CV-related scam.

In one of these campaigns, cyber crooks hid the Zloader banking Trojan with the aim of gaining access to people’s credentials and personal information. The malicious emails contained subjects like "applying for a job" and "regarding job".

The researchers explained: “When opening the attached file, victims were asked to 'enable content' and when they did, a malicious macro started running, downloading the final payload. Once a device was infected, threat actors could use the malware to carry out financial transactions on the device.”

During the pandemic, CVs haven’t been the only attack vector. Cyber criminals have also been using medical-leave forms to infect victims with malware. One campaign contained a banking Trojan called IcedID, which aims to steal financial data.

These campaigns also used deceptive document names and email subjects, including "COVID -19 FLMA CENTER.doc" and "The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)."

Check Point also said overall cyber attacks are up 16% as businesses reopen while Covid-19 cyber attacks declined by 7% in May.

In addition to downloading the best antivirus software you can, Check Point recommends that you:

  • Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
  • Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
  • Ensure you are ordering goods from an authentic source.
  • Beware of 'special' offers. An exclusive cure for coronavirus for $150 is usually not a reliable or trustworthy purchase opportunity.
  • Make sure you do not reuse passwords between different applications and accounts.

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!