‘Ov3r_Stealer’ Malware Spreads Through Facebook to Steal Crates of Info

February 8, 2024 at 11:40AM

“Ov3r_Stealer” is a novel malware targeting Facebook users through job ads. It steals various data types including geolocation, passwords, and credit card information. The malware uses multiple execution methods and its origin involves complex communication channels and pseudonyms. As a modular tool, it can facilitate other malware and pose a persistent threat. To mitigate risks, Trustwave recommends security awareness programs and regular audits.

The report describes the emergence of a new malware called “Ov3r_Stealer” that is propagated through Facebook and employs several execution methods to steal sensitive data from unsuspecting individuals. Researchers from Trustwave SpiderLabs found that the malware is spread through Facebook job advertisements and fake accounts, with the stolen data funneled to a monitored Telegram channel. Notably, the malware’s operators use various aliases and communication channels to obscure its origin and activities.

The malware stands out due to its diverse execution strategies, including PowerShell, HTML smuggling, SVG image smuggling, and .LNK shortcut files. Once the victim is compromised, the malware establishes persistence by creating a scheduled task for continuous data exfiltration.

While widespread campaigns using Ov3r_Stealer have not been observed, Trustwave researchers emphasize its continual development and future potential for broader use. They stress the need for organizations to bolster security measures through active awareness programs, regular audits, application patching, and proactive threat hunting to mitigate potential risks.

The comprehensive list of indicators of compromise (IoCs) included in the report can aid organizations in identifying and addressing the presence of Ov3r_Stealer within their environments.