"Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials"

Threat actors have been using fake Facebook job advertisements to trick potential victims into installing a new Windows-based stealer malware called Ov3r_Stealer. According to Trustwave SpiderLabs, this malware steals credentials and cryptocurrency wallets. It then sends them to a Telegram channel monitored by the threat actors. Ov3r_Stealer can gather IP address-based locations, hardware information, passwords, cookies, credit card information, auto-fills, browser extensions, cryptocurrency wallets, Microsoft Office documents, and more. Although the campaign's exact goal is unknown, the stolen information is likely sold to other threat actors. The malware could also be updated over time to function as a QakBot-like loader for additional payloads, such as ransomware. This article continues to discuss the spread of Ov3r_Stealer through fake Facebook job advertisements.

THN reports "Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials"

Submitted by grigby1

Submitted by Gregory Rigby on