Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Watch out - that dream job applicant could actually just be damaging malware

Magnifying glass enlarging the word 'malware' in computer machine code.

Cybersecurity company Proofpoint has warned of an attacker employing a variety of methods to spread malware within organizations, and the latest technique is just as easy to fall for as it is to spot.

The attack, attributed to a financially motivated threat actor known as TA4557, impersonates a job applicant and uses attachments like PDFs and Word documents or malicious websites to spread malware.

According to Proofpoint, TA4557 has been using advanced social engineering tactics since 2018, including similar job applicant-type attacks for the last two years.

Recruiters beware

The latest method, which has been used since at least October 2023, begins with a benign email expressing interest in an open role.

From there, the chain between the recruiter and the malicious applicant continues, whereby the applicant finally engages in the attack. A resume, supposedly hosted on the applicant’s personal website, is shared with the victim.

The legitimate-looking website hosts a downloadable .zip file which includes a shortcut file (LNK). Ultimately, the malware exists to gain unauthorized access to a victim’s machine and then to drop additional payloads.

In some cases, the threat actor shared details of the malicious website via email attachments, including PDF and Word documents.

Of the two screenshots shared on Proofpoint’s blog, both use custom email domains and direct the recruiter to a website using that same domain.

According to Proofpoint, there’s been a recent uptick in the number of social engineering scams using benign emails. The cybersecurity firm added:

“Organizations that use third-party job posting websites should be aware of this actor’s tactics, techniques, and procedures (TTPs) and educate employees, especially those in recruiting and hiring functions, about this threat.”

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.