New malware is using direct emails to hunt the head-hunters

Threat actor TA4557 has begun directly emailing recruiters to deliver malware, according to cyber security company Proofpoint. Previously, the actor applied to jobs online, inserting malicious URLs into applications. Since October 2023, it has been emailing employers and leading them to its controlled sites with fake resumes. Proofpoint also noticed the actor telling recruiters to visit its email domain to avoid detection, and warns that TA4557 has become more skilled at hiding its actions which could pose a threat to third-party job postings.