The National Information Technology Development Agency (NITDA) has warned the public of ‘Ov3r_Stealer’, a new threat targeting users on Facebook.
The agency, in a statement posted on X on Monday, said the malware affects users by spreading through deceptive job advertisements and fake accounts.
According to NITDA, users become “infected” by clicking on these malicious advertisement links.
“The malware employs various execution methods to extract sensitive data from victims,” the agency said.
Advertisement
“The Ov3r Stealer malware can also be used as a dropper for other malware, including ransomware.”
According to NITDA, when users click on the advertisement, “they are redirected to a malicious Discord URL which executes the malware through a PowerShell script masquerading as a Windows Control Panel (CPL) file to download the malware payload from a GitHub repository”.
“Ov3r Stealer poses a significant risk by silently exfiltrating a wide range of personal and sensitive information including geolocation (based on IP), hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information,” NITDA added.
Advertisement
“This data is subsequently transmitted to a Telegram channel where it is possibly sold or used for phishing attacks.”
To prevent being affected, the agency advised users to ensure that softwares are always updated.
In addition, NITDA said avoiding clicking on advertisement links, especially on social media platforms and having an antivirus that is regularly updated, would go a long way.
The technology agency also urged the public to stay updated on new and evolving threats.
Advertisement
Add a comment