Summary: A new ransomware campaign known as XELERA is targeting job seekers in India with fake job notifications from the Food Corporation of India (FCI). This campaign utilizes a sophisticated spear-phishing attack that deploys a multi-stage malware infection through malicious documents disguised as legitimate job openings. Once activated, the ransomware conducts various disruptive and malicious operations, including stealing credentials and corrupting the victim's system.
Affected: Job seekers in India seeking positions at the Food Corporation of India (FCI)
Key points:
- The XELERA ransomware is delivered via a malicious Word document named FCEI-job-notification.doc, which appears to contain legitimate job details.
- Once executed, the malware initiates a Discord-controlled operation to steal credentials, disrupt the system, and carry out various annoying attacks.
- The ransomware can corrupt the Master Boot Record (MBR), delete files, and present a ransom note demanding payment in Litecoin.
Source: https://securityonline.info/new-xelera-ransomware-campaign-spreading-through-malicious-documents/