XELERA Ransomware Campaign: Fake Food Corporation of India Job Offers Targeting Tech Aspirants
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A newly discovered ransomware campaign is targeting tech job aspirants in India using fake Food Corporation of India job offers. The XELERA ransomware, written in Python and packed with PyInstaller, is distributed through spear-phishing emails containing malicious Word documents. The infection chain involves multiple stages, including a malicious OLE object, a PyInstaller executable, and Python scripts. The malware utilizes a Discord bot for command and control, enabling various malicious activities such as credential theft, file exfiltration, and system disruption. The ransomware component, XELERA, not only encrypts data but also corrupts the Master Boot Record, making systems unbootable. The campaign demonstrates sophisticated social engineering tactics and multi-stage malware deployment, posing a significant threat to individuals and organizations in India's tech sector.
OPENCTI LABELS:
ransomware, spear-phishing, india, pyinstaller, job offer, tech sector, discord bot, xelera, memz
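For triage of the PyInstaller-packed stage mentioned in the summary, the following added example (not part of the original report) checks a file's bytes for the trailing PyInstaller CArchive cookie and reads the bundled Python version from it. The function names and the sample bytes are constructed for illustration, and the cookie layout assumed is the one used by PyInstaller 2.1 and later; the report does not state which version was used.

```python
import struct

# Magic that opens the trailing "cookie" of a PyInstaller CArchive.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Cookie layout for PyInstaller >= 2.1: magic, archive length, TOC offset,
# TOC length, Python version, Python library name (network byte order).
COOKIE_FMT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)


def pyinstaller_info(data: bytes):
    """Return cookie fields if data carries a PyInstaller archive, else None."""
    pos = data.rfind(MAGIC)
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None  # no magic, or the cookie is truncated
    _, pkg_len, toc_off, toc_len, pyver, lib = struct.unpack_from(COOKIE_FMT, data, pos)
    archive_off = pos + COOKIE_SIZE - pkg_len
    # Reject chance matches of the magic: offsets must stay inside the archive.
    if pkg_len < COOKIE_SIZE or archive_off < 0 or toc_len < 0 or pyver <= 0:
        return None
    if toc_off + toc_len > pkg_len - COOKIE_SIZE:
        return None
    # pyver is stored as e.g. 39 for Python 3.9 or 311 for Python 3.11.
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {
        "archive_offset": archive_off,
        "toc_offset": archive_off + toc_off,
        "toc_length": toc_len,
        "python_version": f"{major}.{minor}",
        "python_lib": lib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def build_sample() -> bytes:
    """Constructed input: fake PE stub + dummy archive + valid cookie."""
    stub = b"MZ" + b"\x00" * 62
    body, toc = b"constructed-archive-body", b"constructed-toc"
    cookie = struct.pack(COOKIE_FMT, MAGIC, len(body) + len(toc) + COOKIE_SIZE,
                         len(body), len(toc), 311, b"python311.dll")
    return stub + body + toc + cookie


if __name__ == "__main__":
    print(pyinstaller_info(build_sample()))
```

A `None` result does not rule out PyInstaller packing, since a custom-built bootloader can use a different magic value.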