Digital Trends

If you’ve got your resume posted at Monster.com and it contains a lot of personal details, you might want to worry right now.

 

The job site was attacked and the personal details of hundreds of thousands of users were stolen, according to security firm Symantec.

 

How was it done? The hackers used stolen log-in credentials to access the employers’ section of the site, then harvested names, addresses, phone numbers and e-mail addresses and other information, which were all uploaded to a remote server. They used a new Trojan called Infostealer.Monstres and stole more than 1.6 million records belonging to several hundred thousand people. The Trojan reportedly ran automated searches for resumes of candidates located in certain countries or working in certain fields.

 

That data is then used to send spam of phishing e-mails, and some have already been seen, containing plenty of personal information about the recipient.

 

“The attackers first gather e-mail address and other personal information from resumes posted to Monster.com with Infostealer.Monstres,” said Symantec security analyst Amado Hidalgo. “Next, they will try to infect the computers of those candidates by sending targeted Monster.com phishing mails which install [Banker.c or Gpcoder.e].”

 

Banker.c is a Trojan that monitors the infected PC for log-ons to online banking accounts. It then records the username and password and transmits the data back to hacker HQ. Gpcoder.e, though, is what’s known as ransomware, a Trojan that encrypts files on the hacked computer, then hold those files hostage until the user pays a fee to unlock the data.

 

The nasty part is how Gpcoder.e ends up on your computer. An e-mail, purportedy from Monster, asks you to download the Monster Job Seeker Tool. Such an item doesn’t exist – but you’ve just loaded Gpcoder.e on your machine.