A new cyber-espionage campaign targets HR staff with fake job applications that secretly install malware capable of disabling security software and stealing sensitive data.