Serviceteam IT Security News

For many people, applying for a new job is a soul-crushing activity on a par with cleaning the bathroom in a six-person student dorm room. 

Landing a new role can mean spending hours searching for positions, rewriting your résumé and cover letter countless times and using LinkedIn to badger people you haven’t spoken to for years into giving you a reference. 

Now cyber-criminals have given job seekers a fresh obstacle to contend with after targeting companies with a phishing campaign that hides malware in résumés sent as email attachments.

The advanced campaign, which uses multiple anti-analysis methods to deliver the Quasar remote access tool (RAT), was uncovered by phishing defense service provider Cofense Intelligence.

Quasar RAT by itself isn’t dodgy, but this legitimate open-source remote administration tool that can be found on GitHub has a history of being abused.

“This campaign is concerning as the US-CERT identifies the Quasar RAT as a favored tool of advanced persistent threat actors. This means that the most dedicated cyber-criminals are seeking to utilize this tool to exploit networks,” said Carl Wearn, head of e-crime at Mimecast.

From the outside, the campaign appeared simple, but a closer look showed that the threat actors had done their homework. First, they used an easily accessible tool that makes attributing the campaign to a specific threat actor as easy as teaching a rhino the clarinet.

Second, they laced the résumé attachment document being used to deliver Quasar RAT with a multitude of measures designed to deter detection, including password protection and encoded macros. 

Announcing its find, Cofense said that “educating employees on new phishing trends is the best way of countering a campaign such as this.”

Wearn added: “I would urge individuals, particularly those working within HR departments and used to receiving résumés or CVs, to be particularly vigilant for this form of attack. Organizations should ensure they have an up-to-date antivirus solution that can effectively resolve and detect this form of attack.”

Source: Infosecurity Magazine
