Trustwave

All articles tagged with #trustwave

"Facebook Ads Spreading Ov3r_Stealer Malware to Steal Crypto and Credentials"

Originally Published 1 year ago — by BleepingComputer

Source: BleepingComputer

A new password-stealing malware called Ov3r_Stealer is being spread through fake job ads on Facebook, leading users to a Discord URL where a PowerShell script downloads the malware payload from a GitHub repository. The malware, discovered by Trustwave, targets a wide range of apps and attempts to steal account credentials and cryptocurrency. It establishes persistence on infected computers and sends stolen data to a Telegram bot every 90 minutes. Trustwave has found links between the malware and specific usernames in software cracking forums and notes code similarities with another stealer, Phemedrone. The nationality of the threat actor behind Ov3r_Stealer remains inconclusive.

"Facebook Job Scam Spreads Ov3r_Stealer Malware to Steal Crypto and Credentials"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

Fake Facebook job ads are being used to distribute a new Windows-based stealer malware called Ov3r_Stealer, designed to steal credentials and crypto wallets. The malware is spread through a weaponized PDF file shared on fake Facebook accounts and ads, ultimately leading to the execution of a PowerShell loader from a GitHub repository. Similarities with another stealer called Phemedrone suggest that Ov3r_Stealer may be a re-purposed version of it. Threat actors are observed sharing news reports about the malware to build credibility for their malware-as-a-service business. This comes amidst reports of threat actors advertising access to law enforcement request portals and the emergence of infections leveraging cracked software to drop information stealers, crypto miners, and ransomware.

"Snappy: Safeguarding Open Networks with Rogue WiFi Access Point Detection"

Originally Published 2 years ago — by BleepingComputer

Source: BleepingComputer

Researchers have developed a tool called 'Snappy' to detect fake or rogue WiFi access points that attempt to steal data from unsuspecting users. By analyzing static elements of access points, Snappy generates unique signatures using SHA256 hashes to determine if an access point is trustworthy or potentially malicious. The tool, currently available as a Python script, can also detect access points created by tools like Airbase-ng. Users of mobile devices will need specific interpreters or emulators to run Snappy, but there is hope for a more user-friendly version in the future.