Skip to main content

Hackers Are Using Resumes To Deliver Malicious Software

By September 12, 2019May 16th, 2022Cybersecurity

Hackers have used poisoned documents to deliver malware payloads for years. Recently though, researchers at the security company Cofense have spotted a new twist to the ploy, aimed squarely at HR departments. The recently detected campaign uses fake resume attachments to deliver Quasar Remote Administration Tool. It is affectionately known as RAT to any unsuspecting Windows user who can be tricked into jumping through a few hoops.

Here’s how it works:

An email containing a document that appears to be a resume is sent to someone in a given company.  The document is password protected, but the password is politely included in the body of the email, and is usually something simple like ‘123.’ If the user enters the password, a popup box will appear, asking the user if he/she wants to enable macros.

Up to this point, the attack is fairly standard, but here’s where it gets interesting:

If the macros are allowed to run, they’ll display a series of images and a message announcing that content is loading.  What it’s actually doing is throwing out garbage code that’s designed to crash analysis and detection tools while RAT is installed quietly in the background.

At that point, the system is compromised. RAT’s capabilities give the hackers the ability to open remote desktop connections, log keystrokes and steal passwords, record any webcams in use, download files, and capture screenshots of the infected machine.

Worst of all, the first part of the infection process knocks out most detection programs. So, the hackers generally have a large window of time to take advantage of the newly created beach head. That can cause all manner of havoc in your network or simply choose to quietly siphon proprietary data from your systems.

Be on the alert and make sure your HR staff is aware.  This is a nasty campaign and it’s just hitting stride.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.