Trojan steals Monster.com job candidates’ personal data

By on
According to a Symantec security analyst, a new Trojan horse called Infostealer.Monstres has stolen more than 1.6 million records belonging to several hundred thousand people from Monster job search service.

"The Trojan appears to be using the (probably stolen) credentials of a number of recruiters to login to the [Monster.com] Website and perform searches for resumes of candidates located in certain countries or working in certain fields," Symantec says in its blog.
Personal information stolen from Monster.com includes names, e-mail addresses, home address, phone numbers, and resume identification numbers. The attackers then try to infect the computers of those candidates by sending targeted Monster.com phishing mails which installs an information-stealing Trojan horse that searches for financial information including bank and credit card account information.

The researchers say they have informed Monster.com of the exploits so that the presumably-stolen recruiter accounts can be shut down.

As always, these phishing scams are targeted toward uninformed users, who are advised to install all available updates for their operating systems and software, use an up-to-date antivirus solution, and avoid opening attachments of unexpected emails or follow any email links.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.