"Facebook Ads Spreading Ov3r_Stealer Malware to Steal Crypto and Credentials"

A new password-stealing malware called Ov3r_Stealer is being spread through fake job ads on Facebook, leading users to a Discord URL where a PowerShell script downloads the malware payload from a GitHub repository. The malware, discovered by Trustwave, targets a wide range of apps and attempts to steal account credentials and cryptocurrency. It establishes persistence on infected computers and sends stolen data to a Telegram bot every 90 minutes. Trustwave has found links between the malware and specific usernames in software cracking forums and notes code similarities with another stealer, Phemedrone. The nationality of the threat actor behind Ov3r_Stealer remains inconclusive.
- Facebook ads push new Ov3r_Stealer password-stealing malware (BleepingComputer)
- Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (The Hacker News)
- Fake Facebook job ads are using malware to syphon off credit card data and passwords — don't fall for this (Tom's Guide)
- Alert: Ov3r_Stealer info-stealer malware circulating via Facebook (Cyber Daily)
- Fake Facebook ad ‘siphons’ your credit card and passwords then shares them in ‘criminal’ chat – signs you m... (The US Sun)