"I am always a prepared applicant with a smile."



Ransomware and information-stealing malware are being distributed together in resume emails with bold titles, so caution is advised.



Recently, East Security announced that it had confirmed an attack distributing ransomware and malware with titles such as 'resume file' and 'applicant career details'. 



In the attack case disclosed by East Security, the email carries an attachment in the form of a password-protected, double-compressed file, along with body text such as "I will work hard. Thank you."



The compressed file contained two executable files, disguised with Hangul file and Excel file icons.



When run, they execute the 'LockBit 3.0' ransomware and the 'Vidar' information-stealing malware, respectively.



When the ransomware program runs, the user's PC is encrypted and the message "Your data has been stolen. If the ransom is not paid, your information will be released on darknet sites" is displayed.



When the information-stealing malware is executed, it collects the user's system information and browser information and transfers it to a C&C (Command & Control) server used for cyber attacks, so the information stored on the user's PC is passed on to the attacker.



In this regard, East Security said, "Recently, attackers are showing a pattern of distributing other malicious code along with ransomware," and recommended, "Refrain from viewing e-mails received from suspicious users, and periodically back up important information."



(Photo = East Security)