Skip to main content

Malware-laced CVs steal banking credentials from users' PCs

(Image credit: Photo Credit:

If you work for a financial institution that happens to be hiring, be extra careful when downloading and opening CVs - many could be carrying a password-stealing banking malware.

This is according to a new report from Check Point, which identified the new malware distribution campaign in the wild.

According to Check Point, criminals are sending out emails with the subject lines “applying for a job” and “regarding job”, containing an Excel attachment with a malicious macro. Once the file is opened, the victim is prompted to “enable content”, which triggers the download of ZLoader malware.

ZLoader is capable of stealing credentials from the infected PC, as well as passwords and cookies stored in the target’s browser. With the stolen intel, the attacker could also use the victim’s device to make illicit financial transactions.

Check Point claims CV-themed scams are on the up in the US, doubling in the past two months alone. The latest figures suggest one of every 450 CVs delivered via email is malicious.

“As unemployment rises, cybercriminals are hard at work. They are using CVs to gain precious information, especially as it relates to money and banking," said Omer Dembinsky, Manager of Data Intelligence at Check Point.

"I strongly urge anyone opening an email with a CV attached to think twice. It very well could be something you regret."