Seqrite exposes sophisticated XELERA ransomware operation targeting Indian tech job seekers through FCI impersonation
expresscomputer.in
Seqrite, the enterprise security arm of Quick Heal Technologies Limited, has revealed critical details about an advanced ransomware campaign targeting technology professionals in India. Dubbed “XELERA,” the operation leverages fake job offers impersonating the Food Corporation of India (FCI) to infiltrate victims’ systems, marking a concerning evolution in social engineering tactics.
Researchers at Seqrite Labs, India’s largest malware analysis facility, noted that the attack begins with spear-phishing emails containing a malicious Word document titled FCEI-job-notification.doc. Disguised as an official FCI recruitment notice, the document outlines fabricated job vacancies for technical roles. Embedded within it is a compressed PyInstaller executable (jobnotification2025.exe) that bypasses traditional security defenses. Upon execution, the malware deploys Python-compiled scripts (mainscript.pyc) to establish persistent access, utilising libraries like psutil and aiohttp for system monitoring and network communication.
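For triage of an executable extracted from a document like the one described above, the following added example (not from Seqrite's report or the original article) checks whether a Windows binary carries a PyInstaller archive and reads the bundled Python version from the archive cookie. The cookie layout is assumed to be the PyInstaller 2.1+ format, the function names are hypothetical, and the sample input is constructed.

```python
import struct

# PyInstaller CArchive cookie magic, stored near the end of a bundled executable.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumed cookie layout (PyInstaller 2.1+), big-endian: magic, archive length,
# TOC offset, TOC length, Python version, Python library name.
COOKIE = struct.Struct("!8sIIii64s")


def pyinstaller_info(data: bytes):
    """Return archive metadata if data is a PE file carrying a PyInstaller archive."""
    if data[:2] != b"MZ":                      # not a Windows executable
        return None
    pos = data.rfind(MAGIC)                    # the cookie sits at the archive's tail
    if pos < 0 or pos + COOKIE.size > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, pos)
    start = pos + COOKIE.size - pkg_len        # archive length includes the cookie
    # Reject stray magic bytes: the archive and its TOC must fit inside the file.
    if start < 0 or toc_len < 0 or toc_off + toc_len > pkg_len - COOKIE.size:
        return None
    # Version is stored as major*100+minor (e.g. 311) or major*10+minor (e.g. 38).
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {
        "archive_offset": start,
        "archive_length": pkg_len,
        "python_version": f"{major}.{minor}",
        "python_library": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def build_sample() -> bytes:
    """Constructed test input: stub PE header, 100-byte archive body, cookie."""
    body = b"\x00" * 100
    cookie = COOKIE.pack(MAGIC, len(body) + COOKIE.size, 60, 40, 311, b"python311.dll")
    return b"MZ" + b"\x90" * 62 + body + cookie


if __name__ == "__main__":
    print(pyinstaller_info(build_sample()))
```

A hit only identifies the packer; PyInstaller is also used by legitimate software, so treat the result as a triage signal for executables that arrive inside documents.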
A distinctive feature of XELERA is ...
Copyright of this story solely belongs to expresscomputer.in.