We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Ov3r_Stealer Malware Spreads Via Fake Facebook Job Ads

Ov3r_Stealer Malware Spreads Via Fake Facebook Job Ads
Husain Parvez Published on 10th February 2024 Cybersecurity Researcher

A new malware, named Ov3r_Stealer, is spreading through fake job advertisements on Facebook. Discovered by Trustwave SpiderLabs, the threat actors behind the malware target users by offering bogus management positions, leading them to download a weaponized PDF. Within the file, the user is directed to click an “Access Document” button to supposedly download another file hosted on OneDrive, which instead delivers the malicious payload.

As explained by Trustwave, "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors."

Ov3r_Stealer is engineered to harvest a plethora of personal data, including account credentials, cryptocurrency wallet information, geolocation, hardware specifics, cookies, credit card details, auto-fills, browser extensions, Microsoft Office documents, and even antivirus product information. The malware also ensures its persistence on the infected system, running every 90 minutes to collect and exfiltrate data to the attackers' Telegram channel.

Further investigation into Ov3r_Stealer's mechanisms revealed that it shared all its characteristics with an open-source malware named Phemedrone Stealer, besides being written in a different language (C#). This led to speculation that Phemedrone might have been repurposed and renamed to Ov3r_Stealer.

Trustwave SpiderLabs has stressed the importance of vigilance when engaging with job ads on social media, advising users to employ robust cybersecurity measures to mitigate the risk of infection. It’s recommended to use reputable antivirus software, perform regular system updates, and take a cautious approach to clicking on links from unknown sources.

The emergence of Ov3r_Stealer through fraudulent Facebook job ads exposes the constantly evolving environment of cyber threats and the innovative methods cybercriminals use to exploit digital platforms. In another recent example, Facebook pages were hacked to impersonate Meta, which were then used to spread malware.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.