Fake Facebook job ads are using malware to syphon off credit card data and passwords — don’t fall for this

Malware warning on a Mac
(Image credit: Shutterstock)

Searching for your next job on Facebook could leave you with a nasty malware infection, as cybercriminals have begun using fake advertisements for new positions as a lure to trick job seekers into infecting their PCs with malware.

As reported by The Hacker News, these fake Facebook job ads are used to spread the Windows-based Ov3r_Stealer malware. According to a report (PDF) from Trustwave SpiderLabs, this malware strain can collect a user’s location, hardware info, passwords, cookies, auto-fill data, a list of their browser extensions and antivirus software and even their credit card information.

At the moment, it’s still unclear what this new malware campaign aims to accomplish and whether or not all of this stolen data will end up for sale on the dark web. Likewise, Ov3r_Stealer could be updated to act like a malware loader to download and install additional payloads onto a compromised computer.

Whether you’re searching for a new job yourself or know someone that is, here’s everything you need to know about this dangerous new malware strain along with how to protect yourself online during your next job hunt.

From weaponized PDF to malware infection

Just like with many other cyberattacks, this one begins with a malicious PDF file. The document itself is hosted on OneDrive and if a job seeker does download it, they’re urged to click on an “Access Document” button embedded inside.

Following their investigation, Trustwave’s security researchers believe this weaponized PDF file was shared from a fake Facebook account impersonating Amazon CEO Andy Jassy. However, it’s also being distributed via Facebook ads for digital advertising jobs.

If a potential victim does click on the button embedded in the PDF, they are taken to a DocuSign document that then downloads a control panel file (.CPL) which is executed from the Windows Control Panel process binary (control.exe). From here, this CPL file is used to retrieve a PowerShell loader from a GitHub repository which then launches the Ov3r_Stealer.

Besides the attack methods used, this new campaign shares quite a few similarities with a recent cyberattack disclosed by Trend Micro that drops the Phemedrone Stealer. Trustwave believes that Phemedrone may have recently been re-purposed and given the name Ov3r_Stealer. 

How to stay safe when looking for a new job

Recruiter speaking with a job candidate on a video interview

(Image credit: fizkes/Shutterstock)

Job hunting can be hard enough as it is without having to worry about fake job adverts and malware.

In order to stay safe when looking for your next gig, you need to be extra careful online and while Facebook might seem like a decent enough place to look for jobs, you’re better off sticking to trusted job sites like Indeed or ZipRecruiter. However, if you do want to look for a job on a social network, LinkedIn is a much better option than Facebook.

Even though recruiters and job postings may seem legitimate, you still want to avoid downloading files from unknown senders while not giving any unnecessary information away. This is because in addition to malware, phishing attacks can also be used to syphon off personal and financial information from vulnerable job seekers.

For additional protection though, you should download and install one of the best antivirus software solutions on your PC. The same goes for the best Mac antivirus software on your Apple computer. This way, if you do download a weaponized PDF or some other dangerous file, it will be flagged by your antivirus as malicious before you even have a chance to open it. At the same time, it might be worth investing in one of the best identity theft protection services so that you can be protected from fraud in addition to any attempts to steal your identity.

Job seekers are vulnerable to all types of cyberattacks and online scams but if you exercise caution during your search, you’re likely to get a better position without ending up becoming a victim of cybercrime.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.