Watch out - that dream job applicant could actually just be damaging malware

According to Proofpoint, TA4557 has been using advanced social engineering tactics since 2018, including similar job applicant-type attacks for the last two years.

Recruiters beware

The latest method, which has been used since at least October 2023, begins with a benign email expressing interest in an open role.

From there, the chain between the recruiter and the malicious applicant continues, whereby the applicant finally engages in the attack. A resume, supposedly hosted on the applicant’s personal website, is shared with the victim.

The legitimate-looking website hosts a downloadable .zip file which includes a shortcut file (LNK). Ultimately, the malware exists to gain unauthorized access to a victim’s machine and then to drop additional payloads.

In some cases, the threat actor shared details of the malicious website via email attachments, including PDF and Word documents.

Of the two screenshots shared on Proofpoint’s blog, both use custom email domains and direct the recruiter to a website using that same domain.

According to Proofpoint, there’s been a recent uptick in the number of social engineering scams using benign emails. The cybersecurity firm added:

“Organizations that use third-party job posting websites should be aware of this actor’s tactics, techniques, and procedures (TTPs) and educate employees, especially those in recruiting and hiring functions, about this threat.”

More from TechRadar Pro

• Shared too much? Here’s the best identity theft protection
• Boost your protection with the best firewalls and best endpoint protection
• Ransomware, AI, and social engineering all set to be 2024's biggest security threats