Resumés with malicious ISO attachments are circulating, says Aryaka
Summary
Threat actors are sending fake resumés with malicious ISO files (disc images, the same format used for CD and DVD copies) to HR departments through recruitment channels. When opened, these files execute hidden malware that steals data and includes a module called BlackSanta that disables endpoint detection and response (EDR, security tools that catch attacks). The attack uses sophisticated techniques such as DLL sideloading (hiding malicious code inside trusted software) and BYOVD (loading vulnerable drivers to gain deep system access).
Solution / Mitigation
The source explicitly recommends several mitigations:
(1) HR employee security awareness training to spot phishing, with emphasis that .iso files can execute malware while resumés should only be .docx, .pdf, or .txt;
(2) HR staff trained to accept only normal resumé document types and avoid clicking URLs unless necessary;
(3) some organizations have HR hiring portals that only accept text inputs to web forms, reducing malware transmission risk;
(4) all HR staff must understand they are at high risk, be educated about common HR scams, receive coaching for high-risk actions, and participate in simulated phishing tests that mimic real HR-targeted attacks.
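The file-type rule in mitigations (1) and (2) can also be enforced at the intake point. The following is an added example, not code from Aryaka or the source article: a screening function for a resumé upload handler that rejects ISO 9660 content even when the file is renamed, and checks that an accepted file's bytes match its claimed type. The function names and the sample bytes are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePath

ALLOWED_EXTENSIONS = {".docx", ".pdf", ".txt"}  # the resumé types the article names
ISO9660_OFFSETS = (0x8001, 0x8801, 0x9001)      # where "CD001" volume descriptors sit

# Constructed sample: zero padding with the signature where a real image has it.
SAMPLE_ISO = bytes(0x8001) + b"CD001" + bytes(16)


def looks_like_iso(data: bytes) -> bool:
    """True if an ISO 9660 volume descriptor signature is present."""
    return any(data[off:off + 5] == b"CD001" for off in ISO9660_OFFSETS)


def content_matches(ext: str, data: bytes) -> bool:
    """Check that the bytes are plausible for the claimed extension."""
    if ext == ".pdf":
        return data.startswith(b"%PDF-")
    if ext == ".docx":
        # A .docx is a ZIP container holding word/document.xml.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "word/document.xml" in zf.namelist()
        except zipfile.BadZipFile:
            return False
    if ext == ".txt":
        if b"\x00" in data:  # NUL bytes indicate binary content
            return False
        try:
            data.decode("utf-8")
            return True
        except UnicodeDecodeError:
            return False
    return False


def screen_attachment(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one uploaded resumé attachment."""
    ext = PurePath(filename).suffix.lower()
    if looks_like_iso(data):  # checked first so a renamed image is still caught
        return False, "ISO 9660 disc image content"
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    if not content_matches(ext, data):
        return False, f"content does not match {ext}"
    return True, "ok"
```

Rejections are worth logging with the sender and filename, since a burst of disc-image uploads to a recruiting inbox is itself a signal for the security team.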
Classification
Original source: https://www.csoonline.com/article/4143937/resumes-with-malicious-iso-attachments-are-circulating-says-aryaka.html
First tracked: March 11, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%