Cybercriminals Use Malware-Laced Fake Resumes to Target Recruiters

A spear-phishing campaign is targeting recruiters and hiring managers by using malware hidden in phony resumes.

Cybersecurity firm Arctic Wolf Labs posted about the ongoing threat called TA4557 (also known as Venom Spider), warning HR departments about the malicious activity. 

“Our research found several upgrades that the threat actor made to this malware to infect victims more effectively and to evade automated analysis techniques like sandboxing,” the firm explained.

Venom Spider has been active for years, with activities dating at least as far back as the late 2010s, when online payment portals and e-commerce sites were the main targets. The threat actor has also posted fake jobs and contacted users through LinkedIn’s messaging service in the past.

This time, recruiters are in the crosshairs of a phishing scheme that capitalizes on their need to open email attachments such as resumes and cover letters. The files act as the payload for the first stage of the attack, which can range from credential theft to stealing sensitive customer payment data or intellectual property and potentially installing ransomware.  

“The recruiters and hiring managers who work in HR departments are often considered to be the weak point in an organization by attackers,” Arctic Wolf Labs wrote.

SHRM eLearning: Cybersecurity Training

A Growing Threat 

Phishing attacks are a form of “social engineering” — hacking computer systems, not through technology, but by exploiting employees’ vulnerabilities. The attacks involve the use of email, telephone, or text messages that look legitimate and cause unsuspecting recipients to fall for the scam and put private information at risk.

Bad actors are increasingly using HR-themed phishing emails and other new tactics to steal sensitive company data.

According to experts who recently spoke to SHRM, the top cybersecurity threats for 2025 are likely to include credential compromise, phishing attacks, ransomware, social engineering, cloud environment intrusion, and malware. More cybercrimes will be powered by artificial intelligence, supercharging the speed, scale, and automation of attacks.  

SHRM’s All Things Work podcast: Cybersecurity 101: Protecting Your Organization — and Yourself

Teaching, Not Tricking 

Running phishing tests is a proven way to improve employees’ cybersecurity awareness and behavior, but using misleading tactics to simulate malicious attacks could damage employee morale, according to published research.

In phishing tests, security and IT professionals create and send a mock email to employees to help them identify malicious links that, if clicked, could cause workers to inadvertently leak sensitive data or invite damage to company systems.

But researchers found that some common phishing tactics, such as dangling financial perks or bonuses as a lure or otherwise unfairly tricking employees and then shaming them, can do more harm than good.