Facebook ads push new Ov3r_Stealer password-stealing malware

A new malware known as Ov3r_Stealer is spreading through fake job ads on Facebook, targeting users' account credentials and cryptocurrency. The ads lure victims with invitations to apply for management positions, leading them to a Discord URL. From there, a PowerShell script downloads the malware payload.
Analysts at Trustwave who discovered the malware campaign note that although none of its tactics are novel, it remains a severe threat to many potential victims, given Facebook's popularity as a social media platform.
Trustwave reports that once the malware is downloaded and executed, it establishes persistence on infected computers using commands that add a scheduled task named 'Licensing2', which runs every 90 minutes. Ov3r_Stealer attempts to steal data from various apps, including cryptocurrency wallet apps and web browsers. The final payload consists of three files: a legitimate Windows executable, a DLL for DLL sideloading, and a document containing the malicious code.
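The persistence details above (task name 'Licensing2', 90-minute repetition) can be turned into a triage check over exported scheduled-task definitions. The following is an added example, not code from Trustwave or BleepingComputer; it assumes tasks are available in the standard Task Scheduler XML format, and the function names and both sample tasks are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler XML definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
IOC_TASK_NAME = "licensing2"  # task name reported in the article (compared case-insensitively)
IOC_INTERVAL_MIN = 90         # repetition interval reported in the article

_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_minutes(text):
    """Convert an ISO 8601 duration (PT90M, PT1H30M, P1D) to minutes, or None."""
    m = _DURATION.match((text or "").strip())
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return days * 1440 + hours * 60 + minutes + seconds / 60


def assess_task(task_xml):
    """Return which of the article's persistence indicators a task definition matches."""
    root = ET.fromstring(task_xml)
    hits = []
    # The URI holds the full task path; the last path component is the task name.
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    if uri.strip().rsplit("\\", 1)[-1].lower() == IOC_TASK_NAME:
        hits.append("task-name")
    # Any trigger type (time, logon, boot, ...) can carry a Repetition element.
    for interval in root.iterfind("t:Triggers/*/t:Repetition/t:Interval", NS):
        if duration_minutes(interval.text) == IOC_INTERVAL_MIN:
            hits.append("90-minute-repetition")
            break
    return hits


# Constructed sample matching both indicators (actions omitted on purpose).
SAMPLE_SUSPECT = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Licensing2</URI></RegistrationInfo>
  <Triggers><TimeTrigger><Repetition><Interval>PT90M</Interval></Repetition></TimeTrigger></Triggers>
</Task>"""

# Constructed benign sample: different name, hourly repetition.
SAMPLE_BENIGN = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Vendor\\Updater</URI></RegistrationInfo>
  <Triggers><TimeTrigger><Repetition><Interval>PT1H</Interval></Repetition></TimeTrigger></Triggers>
</Task>"""

if __name__ == "__main__":
    for label, xml_text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, assess_task(xml_text))
```

A match on the interval alone is weak evidence, since legitimate tasks can also repeat every 90 minutes; treat it as a prompt to inspect the task's actions.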
Read at BleepingComputer