XELERA Ransomware Campaign: Fake Food Corporation of India Job Offers Targeting Tech Aspirants

Feb. 12, 2025, 12:35 p.m.

Description

A newly discovered ransomware campaign targets tech job aspirants in India with fake Food Corporation of India job offers. The XELERA ransomware, written in Python and packed with PyInstaller, is distributed through spear-phishing emails carrying malicious Word documents. The infection chain runs in several stages: a malicious OLE object embedded in the document, a PyInstaller-packed executable, and the Python scripts bundled inside it. The malware uses a Discord bot as its command-and-control channel, through which the operator can steal credentials, exfiltrate files and disrupt the system. The XELERA ransomware component both encrypts data and corrupts the Master Boot Record, leaving the system unbootable. The campaign combines targeted social engineering with multi-stage malware deployment and poses a significant threat to individuals and organizations in India's technology sector.
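The triage helper below is an added example, not code from the original report or from the campaign. It checks an attachment against the three artefacts the chain above names: a SHA-256 match against the two hashes in the Indicators list, a Word document carrying embedded OLE objects (an OOXML `.docx` with `word/embeddings/*.bin` parts, or a legacy `.doc` whose container is itself OLE2), and an executable carrying the PyInstaller archive cookie. The sample inputs are constructed in the block and are not the real lure or dropper; the function names are this example's own.

```python
"""Offline triage for the XELERA infection chain (added example).

Checks: SHA-256 against the report's indicators, OLE embeddings in a
.docx, a legacy OLE2 (.doc) container, and the PyInstaller cookie in a
PE. All sample inputs are constructed here, not real campaign files.
"""
import hashlib
import io
import re
import zipfile

# SHA-256 indicators quoted from the report.
XELERA_SHA256 = frozenset({
    "ff06ce3fd6fe994aeaa0edc5162989d08f34440e9cacbc9e49e5db8ef98a74e3",
    "519401c998fe5d6eb143415f7c17ad5f8e5ef5ebae57ac91e9fa89a0bfcf0c7f",
})

# PyInstaller writes this cookie magic into every bundled archive
# (PyInstaller/archive/writers.py: MAGIC = b'MEI\014\013\012\013\016').
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# OLE2 / Compound File Binary header, used by legacy .doc files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Embedded OLE packages inside an OOXML container live under this path.
OLE_EMBEDDING = re.compile(r"^word/embeddings/.+\.bin$")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_pyinstaller(data: bytes) -> bool:
    """True for a Windows PE (MZ header) that contains the PyInstaller cookie."""
    return data.startswith(b"MZ") and PYINSTALLER_MAGIC in data


def is_ole2_container(data: bytes) -> bool:
    """True for a legacy Office / OLE2 compound file (e.g. a .doc lure)."""
    return data.startswith(OLE2_MAGIC)


def ole_embeddings(data: bytes) -> list[str]:
    """Names of embedded OLE object parts inside an OOXML (.docx) zip.

    Returns [] for anything that is not a zip, so it can be run over any
    attachment without pre-filtering by extension.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return sorted(n for n in z.namelist() if OLE_EMBEDDING.match(n))
    except zipfile.BadZipFile:
        return []


def triage(data: bytes, iocs: frozenset = XELERA_SHA256) -> dict:
    """Run every check on one attachment and return a verdict dict."""
    digest = sha256_hex(data)
    embeds = ole_embeddings(data)
    verdict = {
        "sha256": digest,
        "ioc_hit": digest in iocs,
        "ole_embeddings": embeds,
        "ole2_container": is_ole2_container(data),
        "pyinstaller": is_pyinstaller(data),
    }
    verdict["suspicious"] = bool(
        verdict["ioc_hit"] or embeds or verdict["ole2_container"] or verdict["pyinstaller"]
    )
    return verdict


def build_docx_with_ole() -> bytes:
    """Constructed stand-in for the lure: minimal OOXML zip with one OLE part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 64)
    return buf.getvalue()


def build_fake_pyinstaller_exe() -> bytes:
    """Constructed stand-in for the dropper: MZ header, filler, PyInstaller cookie."""
    return b"MZ" + b"\x00" * 128 + PYINSTALLER_MAGIC + b"\x00" * 16


if __name__ == "__main__":
    samples = (
        ("lure.docx", build_docx_with_ole()),
        ("dropper.exe", build_fake_pyinstaller_exe()),
        ("notes.txt", b"plain text attachment"),
    )
    for name, blob in samples:
        print(name, triage(blob))
```

The hash check only catches the two published samples; the structural checks are broader but noisier, since legitimate documents also carry embedded OLE packages and legitimate Python tools ship as PyInstaller bundles. Treat a structural hit as a reason to detonate or unpack the file (for a PyInstaller bundle, extract the archive and read the embedded scripts), not as a verdict on its own.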

Date

  • Created: Feb. 12, 2025, 10:20 a.m.
  • Published: Feb. 12, 2025, 10:20 a.m.
  • Modified: Feb. 12, 2025, 12:35 p.m.

Indicators

  • ff06ce3fd6fe994aeaa0edc5162989d08f34440e9cacbc9e49e5db8ef98a74e3
  • 519401c998fe5d6eb143415f7c17ad5f8e5ef5ebae57ac91e9fa89a0bfcf0c7f
  • http://chochox.com/wp-content/uploads/2016/10/Geto
  • thugging.org

Attack Patterns

  • MEMZ
  • XELERA

Additional Information

  • Technology
  • British Indian Ocean Territory
  • India