These hackers pretend to poach, recruit rival bank staff in new cyberattacks

Hackers are pretending to poach bank staff in a wave of attacks against the African financial sector.

In recent weeks, the threat actors have been spotted using recruitment emails and messages to entice individuals considering moving from their current employment to rival financial companies.

However, the emails don’t contain genuine job offers: instead, they contain malicious surprises.

On Tuesday, the threat research team at HP Wolf Security said the campaign specifically targets individuals already working in the African banking sector. Phishing emails are disguised under the names of rival banks through typosquatting and ask the potential victim if they are interested in new job opportunities.

The ‘recruiter’ also uses a typosquatted reply-to address to appear more legitimate. If an individual is reeled in, the attacker sends an HTML attachment, Fiche de dossiers.htm (translation: file sheet/card), which contains a Base64-encoded ISO file.

If the victim tries to open the file, the content is decoded and shown as a web downloader prompt, in a technique known as HTML Smuggling.
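A defender-side check for the kind of attachment described above, added here as an example and not taken from HP Wolf Security or the original article: it scans an HTML file for long Base64 runs and flags any that decode to an ISO 9660 image. The function names, the 1024-character threshold and the sample input are assumptions made for this illustration.

```python
import base64
import re

# ISO 9660 volume descriptors start at sector 16 (16 * 2048 = 0x8000);
# bytes 1-5 of each descriptor hold the standard identifier "CD001".
ISO_MAGIC = b"CD001"
ISO_MAGIC_OFFSETS = (0x8001, 0x8801, 0x9001)

# Assumed threshold: long unbroken Base64 runs are unusual in HTML attachments.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{1024,}={0,2}")


def looks_like_iso(data: bytes) -> bool:
    """True if the buffer carries the ISO 9660 identifier at a standard offset."""
    return any(data[o:o + 5] == ISO_MAGIC for o in ISO_MAGIC_OFFSETS)


def find_embedded_isos(html: str) -> list[dict]:
    """Return one finding per Base64 run that decodes to an ISO image."""
    findings = []
    for match in B64_RUN.finditer(html):
        blob = match.group(0)
        blob = blob[: len(blob) - len(blob) % 4]  # trim to a decodable length
        try:
            data = base64.b64decode(blob, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if looks_like_iso(data):
            findings.append({"offset": match.start(), "decoded_size": len(data)})
    return findings


def constructed_sample() -> str:
    """Constructed, inert input: a zero-filled buffer holding only the ISO identifier."""
    image = bytearray(0x8800)
    image[0x8000:0x8007] = b"\x01CD001\x01"
    b64 = base64.b64encode(bytes(image)).decode()
    return f'<html><body><script>var data = "{b64}";</script></body></html>'


if __name__ == "__main__":
    for finding in find_embedded_isos(constructed_sample()):
        print("embedded ISO image:", finding)
```

A mail gateway or triage script could run the same check on `.htm`/`.html` attachments before delivery; a payload that is split across several strings or otherwise obfuscated would need the script to be normalised first.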

“When the user opens the HTML attachment using a web browser, they are prompted to download the file, which is already stored on the local system,” the researchers said. “This way HTML smuggling bypasses

Read More: https://www.zdnet.com/article/these-hackers-pretend-to-poach-recruit-rival-bank-staff-in-new-cyberattacks/#ftag=RSSbaffb68