Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage.
Researchers with Cofense said they have recently spotted emails with malicious attachments delivering the Quasar open-source malware. While the “job seeker” phishing theme may be fairly common, this particular campaign employs several sophisticated tactics that make it harder both for researchers to analyze — and company employees to detect.
