With this $7 malware, anyone can be a hacker for cheap

July 14, 2017

Proofpoint security researchers examined the Ovidiy Stealer malware, which steals credentials and operates primarily in Russian-speaking regions.

Ever wonder what it costs to start using malware to steal important user credentials on the web? If you're using Ovidiy Stealer, it could be as cheap as $7, according to a new report from Proofpoint.

In its Thursday report, Proofpoint noted that the Ovidiy Stealer had been originally observed in June 2017, but it is still being developed and actively adopted by cybercriminals. There are now several versions of it in the wild.

What's really surprising is the cost, as a single build of the credential stealer only costs between $7 and $13. Despite the low price, the build executables are crypted, making them harder to find and analyze, the report said. So, for only $7, a would-be hacker gets access to a tool that allows them to steal credentials and avoid detection at the same time.

The report did note that the behavior of Ovidiy Stealer could be detected, but it is often categorized in a way that doesn't take its significance into account.

Ovidiy Stealer is written in .NET and primarily targets the following browsers and applications: FileZilla, Google Chrome, Kometa browser, Amigo browser, Torch browser, Orbitum browser, and Opera browser, the report said. Ovidiy Stealer is likely being distributed as executable attachments in an email, or links to a download. It is also being spread through file hosting and keygen sites, the report noted.

Potential purchasers can buy Ovidiy Stealer from its own website as well. On the site, support and features are listed, along with statistics on how well the tool is performing in infecting machines, the report highlighted. Ratings of the different modules are also available on the site.

While Ovidiy Stealer isn't a powerhouse, it's cheap and easy to get, lowing the barrier for potential criminals. Enterprise security professionals should study the tool and take steps to protect their organization.

"Ovidiy Stealer highlights the manner in the cybercrime marketplace drives innovation and new entrants and challenges organizations that must keep pace with the latest threats to their users, their data, and their systems," the report concluded.

The 3 big takeaways for TechRepublic readers

Ovidiy Stealer is a new credential stealer that costs as low as $7, and has protections in place to prevent detection and analysis.
Ovidiy Stealer is written in .NET and targets specific applications and browsers, and there are multiple versions already out in the wild.
The malware itself isn't very powerful, but has the potential to become widespread and security professionals should keep an eye on it.

< Here >