A new password-stealing malware, dubbed Ovidiy, is now being sold dirt cheap on the dark web. The hackers selling the malware have also offered "testimonials" from satisfied customers, presumably to help prove its authenticity and effectiveness. Security researchers said the malware is currently priced between $7 and $13 (£5 - £9) and is being marketed primarily in "Russian-speaking regions".
The malware has also been updated several times since it was first spotted in June. To make it easier for potential buyers to purchase Ovidiy, the cybercriminals marketing the credential stealing malware are using a payment service called "RoboKassa", considered to be the Russian equivalent of PayPal. Researchers at Proofpoint say that the payment service allows buyers to pay using credit cards.
"The growing number of samples demonstrate that criminals are actively adopting this malware," Proofpoint security experts said. "Ovidiy Stealer is offered for sale on ovidiystealer[.]ru, a domain which will help attract potential customers and, as noted above, also the C&C domain. The malware boasts support, features, and login access to the web panel. The admin panel for Ovidiy Stealer allows the botmaster to view statistics on infected machines, view logs, build more stubs, and manage the account."
Despite being priced so low, the malware is designed to evade detection and is capable of targeting multiple applications. Ovidiy also sends any passwords it finds to the hackers operating the malware, which leaves organisations at risk of being targeted multiple times, especially in the event of password reuse.
In order to boost sales, the cybercriminals marketing Ovidiy have included statistics and showcased plans for future upgrades of the malware. The Proofpoint researchers said the malware is "lightweight" and simple to use, which, when combined with the malware developers' frequent updates and support system, gives it the potential to become a "much more widespread threat".
"While it is not the most advanced stealer we have seen, marketing and an entry-level price scheme make it attractive and accessible to many would-be criminals," the Proofpoint researchers said.
"Stolen credentials continue to be a major risk for individuals and organisations, because password re-use can enable one stolen login to compromise several more accounts, and the sale of stolen accounts continues to be a lucrative market for criminals looking for quick profits. Ovidiy Stealer highlights the manner in which the cybercrime marketplace drives innovation and new entrants and challenges organisations that must keep pace with the latest threats to their users, their data, and their systems."