February 6, 2024 at 10:10AM
Threat actors are using fake Facebook job ads to distribute a new Windows-based stealer malware, Ov3r_Stealer, designed to steal credentials and crypto wallets. The campaign’s end goal remains unknown, but the stolen information may be sold to other threat actors or used to distribute additional payloads, including ransomware. This tactic is similar to a previously disclosed infection chain involving another stealer called Phemedrone Stealer.
Key takeaways from the meeting notes:
1. Threat actors are using fake Facebook job advertisements to lure targets into installing a new Windows-based malware called Ov3r_Stealer, designed to steal credentials and crypto wallets.
2. The campaign starts with a weaponized PDF file, leading users to click on an “Access Document” button, which then delivers the malware.
3. Similarities exist between Ov3r_Stealer and Phemedrone Stealer, suggesting that Phemedrone may have been re-purposed and renamed.
4. Threat actors are also leveraging infostealer infections to gain access to law enforcement portals and using cracked software as an initial access vector for dropping various types of malware.
5. Hudson Rock revealed that threat actors are advertising their access to law enforcement request portals of major organizations, such as Binance, Google, Meta, and TikTok.
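The infection chain in takeaway 2 hinges on a PDF lure whose clickable "Access Document" element leads the victim off to the payload. A triage step a defender can run on attachments is to enumerate the PDF's annotation actions (URI links, Launch and JavaScript actions) and rate them. The script below is an added example written for this summary, not code from the report or from any of the researchers it cites; the one-page PDF it scans is constructed inline, and the `lure.example` URL and `placeholder.exe` file name are placeholders, not indicators from the campaign. It uses plain regular expressions over the raw file and does not decompress object streams, so it is a quick first pass rather than a replacement for a real PDF parser.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a one-page PDF with two link annotations. Object 4 is a
# lure-style "Access Document" button pointing at an external URL (placeholder
# domain). Object 5 carries a /Launch action (placeholder file name), the kind
# of action that should never appear in a legitimate job-posting PDF.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [100 600 300 640]
   /Contents (Access Document)
   /A << /S /URI /URI (http://lure.example/Access_Document) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10]
   /A << /S /Launch /F (placeholder.exe) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Indirect objects in an uncompressed PDF: "<num> <gen> obj ... endobj".
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
# An annotation's action dictionary: "/A << ... >>" (non-nested dicts only).
ACTION_RE = re.compile(rb"/A\s*<<(.*?)>>", re.S)
# The action subtype name, e.g. /S /URI or /S /Launch.
SUBTYPE_RE = re.compile(rb"/S\s*/(\w+)")
# Where each action type keeps its target string.
TARGET_KEYS = {
    b"URI": rb"/URI\s*\((.*?)\)",
    b"Launch": rb"/F\s*\((.*?)\)",
    b"JavaScript": rb"/JS\s*\((.*?)\)",
}
# Wording typical of "click here to see the document" lures.
LURE_WORDS = ("access", "view", "open", "download", "document")


@dataclass
class Finding:
    obj_num: int   # PDF object number that carries the action
    action: str    # URI, Launch, JavaScript, ...
    target: str    # URL, file name or script text, if any
    label: str     # the annotation's /Contents text, if any


def scan_pdf_actions(data: bytes) -> list[Finding]:
    """Return every action attached to an annotation object in the raw PDF."""
    findings = []
    for m in OBJ_RE.finditer(data):
        obj_num, body = int(m.group(1)), m.group(2)
        if b"/Annot" not in body:
            continue
        label_m = re.search(rb"/Contents\s*\((.*?)\)", body)
        label = label_m.group(1).decode("latin-1") if label_m else ""
        for a in ACTION_RE.finditer(body):
            action_body = a.group(1)
            s = SUBTYPE_RE.search(action_body)
            if not s:
                continue
            action = s.group(1)
            pat = TARGET_KEYS.get(action)
            t = re.search(pat, action_body) if pat else None
            target = t.group(1).decode("latin-1") if t else ""
            findings.append(Finding(obj_num, action.decode(), target, label))
    return findings


def classify(f: Finding, trusted_hosts: tuple[str, ...] = ()) -> str:
    """Rate a finding: code-execution actions are high, lure-worded external
    links medium, other links low, anything else informational."""
    if f.action in ("Launch", "JavaScript", "SubmitForm", "ImportData"):
        return "high"
    if f.action == "URI":
        host = urlparse(f.target).hostname or ""
        if host in trusted_hosts:
            return "low"
        if any(w in f.label.lower() for w in LURE_WORDS):
            return "medium"
        return "low"
    return "info"


def triage(data: bytes, trusted_hosts: tuple[str, ...] = ()) -> list[tuple[int, str, str, str]]:
    """Convenience wrapper: (object, action, target, severity) per finding."""
    return [(f.obj_num, f.action, f.target, classify(f, trusted_hosts))
            for f in scan_pdf_actions(data)]


if __name__ == "__main__":
    for row in triage(SAMPLE_PDF):
        print(row)
```

Run against a real attachment, the `trusted_hosts` tuple lets you suppress links to your own document portal while still flagging a lure that points anywhere else; a `high` result (any Launch or JavaScript action) is worth blocking outright regardless of the link text.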