
Security analysts at Trustwave have uncovered a new hacking campaign involving the Ov3r_Stealer malware, which has been spreading through Facebook since last December. It is an infostealer that infects users' devices through Facebook advertising and phishing emails.

Ov3r_Stealer is designed to break into victims' crypto wallets or steal their data, which it then sends to the cybercriminals' Telegram account. This includes, for example, information about hardware, cookies, saved payment information, autocomplete data, passwords, Office documents, and more. Security experts explain that the tactics and methods used to spread the malware are nothing new, nor is the malicious code unique. Still, the Ov3r_Stealer malware is relatively unknown in the cybersecurity world.

The attack typically begins with the victim seeing a fake job offer for a managerial position on Facebook. Clicking on this malicious link takes the victim to a URL on the Discord platform, through which malicious content is delivered to the victim's device. We therefore recommend not clicking on such an advertisement and avoiding other similarly worded advertisements that offer favorable job offers.

What happens after the attack is not entirely clear. Experts suspect that all the obtained information is sold by the criminals to the highest bidder. However, it is also possible that the malware modifies the victim's device in such a way that the attackers can download additional malware onto it. The last possibility is that the Ov3r_Stealer malware transforms into ransomware that locks the device and demands payment from the victim, most often in cryptocurrency. If the victim does not pay, the criminal will delete all the files on the device.
