New research shows that cybercriminals continue to take advantage of the Covid-19 pandemic by targeting businesses with spoofed resumes and vacation applications to spread banking Trojans and information thieves.

Security researchers at cyber security firm Check Point have documented an increase in spoofed resumes and medical leave applications containing dangerous malware over the past several months.

According to the company, the percentage of resume-themed campaigns in the United States has doubled in the past two months. As a result, one in every 450 malicious files was found to be a resume-related scam.

In one of these campaigns, cybercriminals hid a Zloader banking Trojan for the purpose of accessing people's credentials and personal information. The malicious emails contained subject lines such as "Looking for a job" or "About a job."

The researchers explained: upon opening the attached file, victims were prompted to "enable content," and when they did so, a malicious macro was executed and the final payload was downloaded. Once the device was infected, the threat actors were able to use the malware to perform financial transactions on the device.

CVs were not the only attack vector during the pandemic. Cybercriminals used medical leave applications to infect victims with malware. One campaign included a banking Trojan aimed at stealing financial data called Icedid.

These campaigns also used deceptive document names and email subject lines, such as "COVID -19 FLMA CENTER.doc" and "Below is the new employee application form for leave under the Family and Medical Leave Act (FMLA)."

Checkpoint also noted that while Covid-19 cyberattacks dropped 7% in May, overall cyberattacks increased 16% as companies reopened.