Cybercriminals are increasingly targeting corporate human resources (HR) departments by sending fake job applications containing malicious files designed to disable security systems and steal sensitive company data.
Security researchers warn that attackers are exploiting the routine hiring process, where recruiters regularly open resumes and attachments from unknown applicants.
Malware hidden in job applications
According to cybersecurity reports, attackers posing as job seekers send malicious CVs or application files to recruiters. When HR staff open these files, malware is silently installed on the system.
In the latest campaign, the malicious files are often delivered as ISO disk image files disguised as resumes. Once opened, they install malware that disables endpoint detection and response (EDR) tools before stealing data from infected machines.
Security tools disabled before data theft
Researchers say the malware is specifically designed to terminate security monitoring systems, allowing attackers to operate without detection.
Once security protections are disabled, the attackers can:
- Steal sensitive corporate files
- Harvest login credentials
- Access internal company networks
- Deploy additional malicious software
This approach enables cybercriminals to maintain long-term access to compromised systems.
HR departments increasingly targeted
Experts say HR departments are attractive targets because they frequently receive emails from unknown individuals and download attachments during recruitment processes.
Cybercriminal groups have used fake resumes, cover letters and LinkedIn job applications in similar attacks to deliver malware or ransomware.
Because recruiters often review dozens of applications daily, attackers rely on social engineering to make malicious files appear legitimate.
Recommended precautions for organizations
Cybersecurity experts advise companies to strengthen hiring-process security by:
- Scanning all job application attachments with security tools
- Restricting execution of files from unknown sources
- Using sandbox environments to open resumes safely
- Training HR staff to identify suspicious application files
Organizations are also encouraged to rely on secure recruitment platforms and automated file scanning systems to reduce the risk of infection.
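As an added illustration of the automated scanning step (this is not code from the researchers or from any product named in the reports), the sketch below checks an attachment's content rather than its name, so a disk image renamed to look like a resume is still caught. It relies on the standard ISO 9660/UDF volume identifiers at sector 16; the file names, verdict strings and sample bytes are constructed for the example.

```python
import os

SECTOR = 2048
VRS_START = 16 * SECTOR  # ISO 9660 / UDF volume descriptors begin at sector 16
DISK_IMAGE_IDS = {b"CD001", b"BEA01", b"NSR02", b"NSR03"}  # ISO 9660 and UDF ids

# Leading bytes expected for the document types a recruiter should receive.
RESUME_MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",                       # ZIP container
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE compound file
}

def is_disk_image(data: bytes) -> bool:
    """True if one of the first four volume descriptors carries an ISO/UDF id."""
    for n in range(4):
        off = VRS_START + n * SECTOR + 1  # identifier sits in bytes 1..5
        if data[off:off + 5] in DISK_IMAGE_IDS:
            return True
    return False

def triage(filename: str, data: bytes) -> str:
    """Return a verdict for one job-application attachment."""
    ext = os.path.splitext(filename.lower())[1]
    if is_disk_image(data):
        return "quarantine: disk image content"
    if ext == ".iso":
        return "quarantine: disk image extension"
    magic = RESUME_MAGIC.get(ext)
    if magic is None:
        return "quarantine: unexpected file type"
    if not data.startswith(magic):
        return "quarantine: content does not match extension"
    return "pass to malware scanner"

# Constructed sample: a minimal ISO 9660 primary volume descriptor at sector 16.
SAMPLE_ISO = b"\x00" * VRS_START + b"\x01CD001\x01" + b"\x00" * (SECTOR - 7)

if __name__ == "__main__":
    for name, blob in [("Resume_Jane_Doe.pdf", SAMPLE_ISO),
                       ("cv.pdf", b"%PDF-1.7\n"),
                       ("cv.pdf", b"MZ\x90\x00")]:
        print(name, "->", triage(name, blob))
```

A "pass" verdict here only means the file is a plausible document type; it still goes to the malware scanner or sandbox before anyone opens it.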
Growing cybersecurity threat
The campaign highlights how attackers increasingly exploit human workflows rather than software vulnerabilities to infiltrate corporate networks.
As recruitment processes become more digital, cybersecurity experts warn that HR departments may remain a prime entry point for cybercriminals seeking access to company systems.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
