Tag

Phemedrone Stealer

All articles tagged with #phemedrone stealer

cybersecurity | 1 year ago

"Facebook Job Scam Spreads Ov3r_Stealer Malware to Steal Crypto and Credentials"

Fake Facebook job ads are being used to distribute a new Windows-based stealer malware called Ov3r_Stealer, designed to steal credentials and crypto wallets. The malware is spread through a weaponized PDF file shared on fake Facebook accounts and ads, ultimately leading to the execution of a PowerShell loader from a GitHub repository. Similarities with another stealer called Phemedrone suggest that Ov3r_Stealer may be a re-purposed version of it. Threat actors are observed sharing news reports about the malware to build credibility for their malware-as-a-service business. This comes amidst reports of threat actors advertising access to law enforcement request portals and the emergence of infections leveraging cracked software to drop information stealers, crypto miners, and ransomware.

cybersecurity | 2 years ago

"New Windows Malware Bypasses Defender to Steal Crypto: How to Protect Your PC"

Threat actors are exploiting a patched security flaw in Microsoft Windows, CVE-2023-36025, to deploy Phemedrone Stealer, an open-source information stealer targeting web browsers, cryptocurrency wallets, and messaging apps. The flaw allows attackers to bypass Windows Defender SmartScreen by tricking users into clicking on malicious Internet Shortcut files, leading to the execution of a control panel file that ultimately downloads and executes the stealer. Although the flaw has been patched, threat actors continue to find ways to exploit it and evade protections, highlighting the need for ongoing vigilance in cybersecurity.