The National Information Technology Development Agency (NITDA) has issued a warning about a new cyber threat named ‘OV3R_Stealer’, designed to compromise the security of Facebook users.
Hadiza Umar, NITDA’s Head of Corporate Affairs, cautioned Nigerians on Monday, highlighting the malware’s distribution through deceptive job advertisements and fake accounts.
Users are at risk of infection by clicking on these malicious advertisement links, with the malware utilizing various execution methods to extract sensitive data, including acting as a dropper for other malware, such as ransomware.
The malicious discord URL, once clicked, executes the malware through a PowerShell script disguised as a Windows Control Panel (CPL) file. The malware payload is then downloaded from a GitHub repository.
‘Ov3R_Stealer’ poses a substantial risk by silently exfiltrating personal and sensitive information, including geo-location, hardware details, passwords, cookies, and credit card data.
The harvested data is transmitted to a Telegram channel, raising concerns about potential misuse or sale for phishing attacks.
NITDA emphasized the importance of keeping software updated, avoiding clicking on advertisement links, especially on social media platforms like Facebook.
Users were urged to ensure their system antivirus is regularly updated to safeguard against evolving cyber threats.