Security News > 2024 > February > Facebook ads push new Ov3r_Stealer password-stealing malware
A new password-stealing malware named Ov3r Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency.
The fake job ads are for management positions and lead users to a Discord URL where a PowerShell script downloads the malware payload from a GitHub repository.
The malware inspects the system services configuration in the Windows Registry, possibly to identify potential targets, and can search for document files in local directories.
The researchers note code similarities between Ov3r Stealer and Phemedrone, a C# stealer, which might have been used as a basis for the new malware.
Steam game mod breached to push password-stealing malware.
Rhadamanthys Stealer malware evolves with more powerful features.