• More fake Facebook job ads are spreading malware to steal all you

    From TechnologyDaily@1337:1/100 to All on Thu Feb 8 17:15:05 2024
    More fake Facebook job ads are spreading malware to steal all your details

    Date:
    Thu, 08 Feb 2024 17:12:11 +0000

    Description:
    Ov3r_Stealer is here to steal your login credentials and crypto wallet information.

    FULL STORY ======================================================================

    Cybersecurity researchers have spotted yet another malicious Facebook ad campaign looking to trick users into installing malware on your Windows device.

    The team from Trustwave SpiderLabs revealed how an unnamed threat actor created a Facebook ad campaign for digital advertising jobs.

    Those that click on the ad are served a weaponized PDF file with an embedded Access Document button. Clicking the button triggers a chain reaction that ultimately delivers an infostealer called Ov3r_Stealer. Selling data on the dark web

    "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in its report.

    Besides stealing passwords and crypto wallet data, Ov3r_Stealer can also
    steal IP address-based locations, hardware information, cookies, credit card data, auto-fills, browser extensions, Microsoft Office documents, and a list of antivirus products that the victim has installed on their Windows device.

    At this point, the goal of the campaign seems to be data exfiltration, likely to be sold to a third-party at a later date. However, the researchers dont exclude the possibility of the malware being updated to act as a ransomware encryptor, too.

    The campaign appears to have quite a few similarities with another recently discovered campaign that was delivering the Phemedrone Stealer. In both
    cases, the attackers used the same GitHub repository (nateeintanan252) to
    pull the loader, and both infostealers share plenty of code.

    "This malware has recently been reported, and it may be that Phemedrone was re-purposed and renamed to Ov3r_Stealer," Trustwave said. "The main
    difference between the two is that Phemedrone is written in C#."

    The researchers even found a person on Telegram, by the name Liu Kong, claiming to have developed both variants, and stating they were happy with
    how the tool works in the wild. More from TechRadar Pro Cisco patches IOS XE zero-days used to hack over 50,000 devices Here's a list of the best
    firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/more-fake-facebook-job-ads-are-spreadin g-malware-to-steal-all-your-details


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)