Cybercriminals Deliver Async Remote Access Trojan in New Resume-Based Malspam Campaign

Bitdefender Online Store

Bitdefender Labs has identified an email scam containing a malicious attachment supposedly from a person seeking employment as an environmental scientist. The zip attachment that allegedly includes the job applicant’s resume delivers the Async Remote Access Trojan, or AsyncRAT.

Most of the malicious emails appear to have been sent from IP addresses in Vietnam. They have reached recipients from all over the world, including the US, Ireland, Germany, UK, Austria and the Czech Republic.

The email resembles a benign message from a job applicant sending a resume to an HR department.

“Dear Sir/Mam,

I am [redacted]. I am interested in exploring employment opportunities with your company and feel that I can make a significant contribution to your mission. I have attached my resume with this mail. They address my desire to work as well as my skills and qualifications. Hope to hear from you soon.

Thanks & Regards”

Like similar malicious software, AsyncRAT lets an attacker stealthily infiltrate the victim’s device to record keystrokes, access files and spread additional malware. Cybercriminals use these features to steal login and banking information to commit fraud. They can also impersonate victims to spread phishing emails and malware.

These resume-based scams are a successful way for threat actors to compromise the email addresses of individuals working in the HR industry who are used to receiving this kind of email, especially if their company is seeking to hire. It only takes one mistake to get duped and compromise their data security and their employers. Watch for suspicious emails that contain links or resume attachments you receive out of the blue. While vigilance and good cyber practices help you stay on the right track, a security solution is imperative to fend off malicious attacks coming your way.

All Bitdefender customers are protected from AsyncRAT. The email attachment is detected as Trojan.GenericKD.47007828 and blocked by both our consumer and enterprise solutions.

Bitdefender Total Security and XEDR offer real-time protection to safeguard you and your personal data against the latest e-threats, including info-stealing Trojans, ransomware and spyware. You can enjoy the best anti-malware protection and threat detections across all major operating systems to ensure that, if you do receive a fraudulent email or malicious attachment, your device will not fall into the hands of cyberthieves.

Note: This article is based on technical information courtesy of Bitdefender Labs