"The Trojan appears to be using the (probably stolen) credentials of a number of recruiters to login to the [Monster.com] Website and perform searches for resumes of candidates located in certain countries or working in certain fields," Symantec says in its blog.
Personal information stolen from Monster.com includes names, e-mail addresses, home addresses, phone numbers, and resume identification numbers. The attackers then try to infect those candidates' computers by sending targeted Monster.com phishing e-mails that install an information-stealing Trojan horse, which searches for financial information, including bank and credit card account details.
The researchers say they have informed Monster.com of the exploits so that the presumably stolen recruiter accounts can be shut down.
As always, these phishing scams are targeted toward uninformed users, who are advised to install all available updates for their operating systems and software, use an up-to-date antivirus solution, and avoid opening attachments in unexpected e-mails or following any e-mail links.