
Seqrite has revealed critical details about an advanced ransomware campaign targeting technology professionals in India. Dubbed “XELERA,” the operation leverages fake job offers impersonating the Food Corporation of India (FCI) to infiltrate victims’ systems, marking a concerning evolution in social engineering tactics.
Researchers at Seqrite Labs, India’s largest malware analysis facility, noted that the attack begins with spear-phishing emails containing a malicious Word document titled FCEI-job-notification.doc. Disguised as an official FCI recruitment notice, the document outlines fabricated job vacancies for technical roles.
Embedded within it is a compressed PyInstaller executable (jobnotification2025.exe) that bypasses traditional security defenses. Upon execution, the malware runs compiled Python scripts (mainscript.pyc) to establish persistent access, using libraries such as psutil and aiohttp for system monitoring and network communication.
A distinctive feature of XELERA is its integration with a Discord bot for command-and-control operations. By blending malicious traffic with legitimate Discord activity, attackers remotely execute commands such as privilege escalation, system lockdowns, and credential theft. The ransomware further disrupts systems by altering wallpapers, triggering fake Blue Screen of Death (BSOD) errors, and deploying the MEMZ.exe tool to corrupt the Master Boot Record (MBR), rendering devices inoperable.
In its final stage, XELERA encrypts critical files and displays a ransom note demanding payment in Litecoin cryptocurrency. Victims are directed to a specific wallet address, with threats of permanent data loss if demands are unmet. The campaign specifically exploits the urgency and trust of job seekers, many of whom are early-career professionals vulnerable to seemingly legitimate offers.
According to researchers at Seqrite Labs, this attack is a perfect example of the increasingly sophisticated techniques that cybercriminals are adopting while weaponizing human psychology. Seqrite’s Advanced Persistent Threat (APT) Team has incorporated detection mechanisms for XELERA across its Endpoint Security and Threat Intelligence platforms.
The company advises organizations and individuals to adopt multi-layered security strategies, including regular software updates, endpoint protection, and employee training on phishing recognition. Job seekers should also remain vigilant, even when offers appear credible: always verify communications through official channels and avoid opening unsolicited attachments.
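One way to hunt for the Discord-based command-and-control described above, as an added example that is not from Seqrite's report: score process-level connection events so that Discord traffic from unexpected programs stands out from legitimate client and browser use. The event field names, the allowlist, the path list and the Office-parent heuristic are assumptions to adapt to your own telemetry, and the sample events are constructed.

```python
import json

DISCORD_SUFFIXES = ("discord.com", "discord.gg", "discordapp.com", "discordapp.net")  # Discord API, gateway, CDN
# Assumptions to tune per environment: who may talk to Discord, and from where.
EXPECTED_IMAGES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

def is_discord_host(host):
    host = host.lower().rstrip(".")
    # Match the domain itself or a true subdomain, not look-alikes such as discord.com.login.example.
    return any(host == s or host.endswith("." + s) for s in DISCORD_SUFFIXES)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):  # returns (score, reasons); 0 = not Discord traffic or nothing odd
    if not is_discord_host(str(ev.get("dest_host") or "")):
        return 0, []
    image, reasons = str(ev.get("image") or ""), []
    if basename(image) not in EXPECTED_IMAGES:
        reasons.append("unexpected process talking to Discord")
    if any(p in image.lower() for p in USER_WRITABLE):
        reasons.append("image runs from a user-writable path")
    if basename(str(ev.get("parent_image") or "")) in OFFICE_PARENTS:
        reasons.append("spawned by an Office application")
    return 2 * len(reasons), reasons

def hunt(lines, threshold=2):
    alerts = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            ev = None  # truncated or non-JSON line
        if not isinstance(ev, dict):
            continue
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"line": n, "image": ev.get("image"), "score": score, "reasons": reasons})
    return alerts

# Constructed sample events; only the file name jobnotification2025.exe comes from the article.
SAMPLE = [
    r'{"image": "C:\\Users\\a\\AppData\\Local\\Discord\\app-1.0\\Discord.exe", "parent_image": "C:\\Windows\\explorer.exe", "dest_host": "gateway.discord.gg"}',
    r'{"image": "C:\\Users\\a\\AppData\\Local\\Temp\\jobnotification2025.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "dest_host": "discord.com"}',
    r'{"image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "parent_image": "C:\\Windows\\explorer.exe", "dest_host": "discord.com.login.example"}',
    r'{"image": "C:\\Users\\a\\Down',
    r'{"image": "C:\\Users\\a\\Downloads\\Discord.exe", "parent_image": "C:\\Windows\\explorer.exe", "dest_host": "cdn.discordapp.com"}',
]
```

Calling `hunt(SAMPLE)` flags the Word-spawned executable in Temp and the Discord.exe copy running from Downloads, which an allowlist on file name alone would miss.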