The National Information Technology Development Agency’s (NITDA) Computer Emergency Readiness and Response Team (CERRT) has alerted Nigerians to a new malware attack.
According to the agency, the new malware identified as ‘Ov3r Steale’ targets Facebook users.
In an advisory released on Monday, the NITDA said the new threat deceives Facebook users to click on malicious links under the guise of job advertisements and then gains access to the users’ sensitive information and extracts their data for attacks.
“A new threat, known as “Ov3r Stealer” malware, has emerged, targeting users on Facebook and spreading through deceptive job advertisements and fake accounts.
“Users become infected by clicking on these malicious advertisement links. The malware employs various execution methods to extract sensitive data from victims.
“The Ov3r_Stealer malware can also be used as a dropper for other malware, including ransomware.
“When users click on the advertisement, they are redirected to a malicious Discord URL, which executes the malware through a PowerShell script masquerading as a Windows Control Panel (CPL) file to download the malware payload from a GitHub repository.
“Ov3r_Stealer poses a significant risk by silently exfiltrating a wide range of personal and sensitive information, including geolocation (based on IP), hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information.
“This data is subsequently transmitted to a Telegram channel, where it is possibly sold or used for phishing attacks,” NITDA said.
To guard against attacks, NITDA advised Nigerians to always ensure that their apps are updated.
It warned Facebook users to be wary of clicking on advertisement links, especially on social media platforms.
The agency also urged Nigerians to ensure that their systems’ antivirus is updated regularly and that they stay updated on new and evolving threats.
Author
Leave a comment