Ov3r_Stealer Malware Spreads Via Fake Facebook Job Ads
A new malware, named Ov3r_Stealer, is spreading through fake job advertisements on Facebook. Discovered by Trustwave SpiderLabs, the threat actors behind the malware target users by offering bogus management positions, leading them to download a weaponized PDF. Within the file, the user is directed to click an “Access Document” button to supposedly download another file hosted on OneDrive, which instead delivers the malicious payload.
As explained by Trustwave, "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors."
Ov3r_Stealer is engineered to harvest a plethora of personal data, including account credentials, cryptocurrency wallet information, geolocation, hardware specifics, cookies, credit card details, auto-fills, browser extensions, Microsoft Office documents, and even antivirus product information. The malware also ensures its persistence on the infected system, running every 90 minutes to collect and exfiltrate data to the attackers' Telegram channel.
Further analysis of Ov3r_Stealer's inner workings revealed that it shares all of its characteristics with an open-source malware named Phemedrone Stealer, the only difference being the programming language (C#). This led to speculation that Phemedrone may have been repurposed and renamed as Ov3r_Stealer.
Trustwave SpiderLabs has stressed the importance of vigilance when engaging with job ads on social media, advising users to employ robust cybersecurity measures to mitigate the risk of infection. It’s recommended to use reputable antivirus software, perform regular system updates, and take a cautious approach to clicking on links from unknown sources.
The emergence of Ov3r_Stealer through fraudulent Facebook job ads highlights the constantly evolving threat landscape and the inventive methods cybercriminals use to abuse digital platforms. In another recent example, Facebook pages were hijacked to impersonate Meta, and the compromised pages were then used to spread malware.