Cybersecurity experts have flagged yet another ad campaign on Facebook that tricks users into installing malware on their Windows devices.
The Trustwave Spider Labs team shared how an anonymous person created a Facebook campaign for digital advertising jobs.
People who click on this link are given a PDF file with an ‘Access Document’ button. Clicking the button starts a sequence that activates an information-stealing program called Ov3r_Stealer.
The malware is designed to steal password and crypto wallet information and collects the information and sends it to a Telegram channel where the anonymous person views the information, TrustView Spider Labs said in its report.
In addition to stealing password and crypto wallet data, Ov3r_Stealer also collects IP address-based location information, hardware information, cookies, credit card data, autofills, browser extensions, Microsoft Office documents, and a list of antivirus products installed on a Windows device. Can also steal.
According to Trustview, the malware was recently reported and is likely to be a rebranded Ov3r_Stealer malware called Femedron. But the difference between the two is that Phamedron was built in C#.
