Suppressing malware attacks on social media

THE National Information Technology Development Agency (NITDA) has been proactive in its mission towards providing a safer cyberspace for citizens. Recently, NITDA’s Computer Emergency Readiness and Response Team took another step ahead by issuing an alert to Nigerians about a new malware attack known as ‘Ov3r_Steale,’ which specifically targets Facebook users. It was learnt that the emerging threat tricks Facebook users into clicking on malicious links disguised as job advertisements; thus, it gets unauthorised access to people’s sensitive information and extracts their data for potential attacks. The agency stated: “A new threat, known as “Ov3r_Stealer” malware, has emerged, targeting users on Facebook and spreading through deceptive job advertisements and fake accounts. Users become infected by clicking on these malicious advertisement links. The malware employs various execution methods to extract sensitive data from victims.”

According to a report in December 2023, an average of 411,000 malicious files were being sent every day last year, signifying a three percent increase from what was sent in 2022. Meanwhile, social media platforms have become an important part of our daily lives, serving as avenues for communication, entertainment, and networking. However, with the increased credence of using digital platforms comes the heightened risk of cyber attacks, including the infamous tactic known as Ov3r_steale attacks. These malware attacks represent a significant cybersecurity concern for Facebook users, as they target unsuspecting individuals with the intent of stealing their login credentials, geolocation, hardware information, passwords, credit card information, and some other sensitive information. These attacks can lead to myriad consequences, including identity theft, financial loss, and reputational damage. Recently, some Facebook users have encountered an unsettling issue where unauthorised individuals post pornographic content on their accounts. To regain access, affected users are often required to pay a significant sum of money. Additionally, in some instances, these unauthorised users exploit the compromised accounts to solicit money from the owner’s friends.

Nevertheless, such occurrences typically require prior actions or vulnerabilities on the part of the user. Mostly by clicking malicious URLs. One of the signs of ‘Ov3r_steale’ is its deceptive nature, often masquerading as legitimate communications or interaction within the Facebook platforms. Users may encounter suspicious messages, job advertisements, or notifications purporting to be from Facebook, prompting them to take action, such as verifying their credentials or clicking on links to purported job application websites. Additionally, ‘Ov3r steale’ attacks manifest in the form of phishing attacks, where users are redirected to fraudulent URLs. This web address triggers the malware using a PowerShell script cleverly masked as a Windows Control Panel file. This ultimately results in the downloading of the malware payload from a GitHub repository. However, on a positive note, it’s worth mentioning that ‘Ov3r steale’ attacks are entirely avoidable. To enhance protection against these attacks, NITDA recommended that Nigerians constantly update their applications.  “Additionally, caution is advised for Facebook users, particularly when interacting with advertisement links on social media platforms,” it stated.

The agency further emphasised the importance of regularly updating antivirus software on users’ systems to stay vigilant against new and evolving threats in the cyber landscape. Another effective measure of avoiding ‘Ov3r_Steale’ attacks is enabling two-factor authentication (2FA) on Facebook accounts. This additional layer of security requires users to provide a secondary form of verification, such as a code sent to their mobile device, in addition to their password when logging in. By implementing 2FA, users can significantly reduce the likelihood of unauthorised access to their accounts, even if their login credentials are compromised. Furthermore, users should exercise caution when interacting with suspicious links or messages on Facebook. Avoid clicking on links from unknown sources or messages that prompt for sensitive information, as these may be indicative of phishing attempts associated with ‘Ov3r_Steale’ attacks.

Also, verifying the legitimacy of communication and scrutinising URLs before clicking on them can help mitigate the risk of falling victim to malicious links.

Additionally, most of these fraudulent URLs can be discovered by the misspelling of words or the use of letterlike symbols. For instance, consider URLs like Nigeria.com and Nigeriα.com, or Education.com and E. ℇducation.com. In the former, the spelling is correct, while in the latter, it’s incorrect, featuring letterlike symbols such as α in Nigeria and ℇ in education. In addition to strengthening authentication measures, regularly monitoring account activity and settings on Facebook is also essential for detecting and mitigating potential security threats. Users should review their privacy settings, security preferences, and active sessions to ensure that no unauthorised access or suspicious activity has occurred. Reporting any unusual or suspicious behaviour to Facebook’s support team can prompt swift action to investigate and address potential security breaches. If you suspect that your Facebook account has been compromised by an ‘Over_steale’ attack, it’s crucial to take immediate action to regain control of the account. Another effective measure is to promptly change your Facebook password. Additionally, conduct a comprehensive scan for malware or malicious software that could have enabled the attack. If the Facebook account is linked to an email, consider removing any unauthorised users through the email account.However, it is important to note that the responsibility for safeguarding your digital safety lies with you. By taking proactive steps to mitigate the risks of cyberattacks and prioritising online security, one can enjoy a safer and more secure experience on Facebook and other online platforms.

• Agaka writes in from Kano.

Read Also: 10 foods to avoid if you want to live long