Seemingly Legit Resume actually contains Crypto-Malware

The malicious email, targeted at a company’s resume screening department, is equipped with file encryption capabilities.

A new ransomware having capabilities of file encryption is being flung at the company workers that perform resume screening for job seekers.

This malware is distributed through a short and precise email message that appears legitimate and informs about the availability of a CV/resume in the attachment. Thus, the recipient is encouraged to open the attachment.

However, this email contains CryptoWall and it is unclear if the cybercriminals launched a series of similar messages for catching victims or it is a targeted attack.

cryptowall-crypto-malware-ransonware

For removing suspicion of fraud, the attackers incorporated a brief introduction of the supposed job candidate by providing a believable name and asking for opening the attached file for further information.


The email reads:

“Hi, my name is [first and last names removed]. I am herewith submitting my Resume under attachment for your perusal. Thank you.”

However, hidden in that attached document is an archive containing a JavaScript coded with commands to download a version of CryptoWall ransomware.

When the malware is executed on the system, it instantly starts encrypting the files stored on the hard disk and holds the data hostage till the demanded fee is paid in exchange of the decryption key/code.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.