XELERA Ransomware Targets Job Seekers Using Fake FCI Job Offers

A new ransomware campaign called XELERA is tricking job seekers with fake job offers from the Food Corporation of India (FCI). Victims receive malicious Word documents via email, which install ransomware and steal personal data. The attack also uses Discord bots to control infected computers remotely.

  • Fake job offer emails with malicious Word documents trick victims.

  • The document contains a hidden executable file that installs malware.

  • Uses Discord bots to control the victim’s computer remotely.
  • Can steal browser credentials, disable mouse/keyboard, and lock the system.

  • Deploys XELERA ransomware, demanding payment in Litecoin.
  • Includes MEMZ.exe, which can corrupt the Master Boot Record (MBR) of Windows.

Cybercriminals are using job scams to infect users with ransomware. Never download or open job-related documents from unknown sources. Always verify job offers directly from official websites. Protect your system with NPAV Total Security to stay safe from such cyber threats.