
This $7 Malware Allows Anyone To Become A Hacker!

We must admit that malware and ransomware attacks are on the rise, and we all know that malware usually hides behind a malicious link or attachment. Recently, Proofpoint threat researchers have found a new piece of malware known as Ovidiy Stealer.

Let me tell you, Ovidiy Stealer is a credential stealer marketed in the Russian-speaking region. Ovidiy Stealer is on the rise, and the original samples were discovered in June 2017.

The growing number of Ovidiy Stealer samples clearly indicates that cyber criminals are adopting this malware, which is traded at a price of 450-750 Rubles ($7-13 USD) for one build. Proofpoint researchers noted that the Ovidiy Stealer file is crypted to "thwart analysis and detection".

Ovidiy Stealer can easily dodge antivirus and other security programs. Only a few antivirus products identify Ovidiy Stealer at all, and those that do rely on generic and heuristic signatures. When an AV solution catches Ovidiy Stealer heuristically, it detects the behaviour but labels the event in its logs with only a generic description.

That simply means security analysts can see the event but not recognise its consequence. According to Proofpoint's report, the malware is distributed through executable email attachments, compressed executable attachments, and links to websites offering keygens.

Once it has made room on a victim's computer, the malware targets popular software such as Google Chrome, Opera Browser, FileZilla and Torch Browser to spread itself. Here's what Proofpoint researchers have said:

"We have observed versions 1.0.1 through 1.0.5 distributed in the wild. Ovidiy Stealer is written in .NET and most samples are packed with either .NET Reactor or Confuser. Upon execution the malware will remain in the directory in which it was installed, and where it will carry out tasks. Somewhat surprisingly, there is no persistence mechanism built into this malware, so on reboot it will cease to run, but the file will remain on the victim machine."

After infecting a victim's computer, Ovidiy Stealer uses SSL/TLS to communicate with its command and control server, then searches for passwords in the browsers listed above and sends them to the attackers. The malware also collects the processor ID alongside saved credentials such as usernames and passwords.
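As an added example (not code from the article or from Proofpoint), the following Python triage helper checks the two static traits quoted above: whether a sample is a .NET assembly (its PE optional header has a populated CLR runtime header directory) and whether it carries a packer marker string; the ConfuserEx marker is an assumption, and the PE builder is a constructed test fixture, not a real sample.

```python
import struct

# PE/COFF layout: e_lfanew at 0x3C, COFF header 20 bytes, data directories at
# offset 96 (PE32) or 112 (PE32+) of the optional header; entry 14 is the CLR
# runtime header, which is non-empty only for .NET assemblies.
_DATA_DIR_BASE = {0x10B: 96, 0x20B: 112}
_CLR_DIR_INDEX = 14
# Assumed marker: ConfuserEx tags assemblies with a ConfusedByAttribute custom attribute.
_PACKER_MARKERS = {b"ConfusedByAttribute": "ConfuserEx"}


def is_dotnet_pe(data: bytes) -> bool:
    """True if `data` is a PE image whose CLR runtime header directory is populated."""
    try:
        if data[:2] != b"MZ":
            return False
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return False
        opt_off = e_lfanew + 24  # PE signature (4) + COFF header (20)
        magic = struct.unpack_from("<H", data, opt_off)[0]
        base = _DATA_DIR_BASE.get(magic)
        if base is None:
            return False
        n_dirs = struct.unpack_from("<I", data, opt_off + base - 4)[0]  # NumberOfRvaAndSizes
        if n_dirs <= _CLR_DIR_INDEX:
            return False
        rva, size = struct.unpack_from("<II", data, opt_off + base + _CLR_DIR_INDEX * 8)
        return rva != 0 and size != 0
    except struct.error:  # truncated or malformed header
        return False


def triage(data: bytes) -> dict:
    """Summarise the traits quoted in the article: .NET assembly and known packer marker."""
    return {
        "dotnet": is_dotnet_pe(data),
        "packer_markers": [name for marker, name in _PACKER_MARKERS.items() if marker in data],
    }


def build_fake_pe(dotnet: bool, tail: bytes = b"") -> bytes:
    """Constructed minimal PE32 image for testing only; not a real sample."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # SizeOfOptionalHeader = 224
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + _CLR_DIR_INDEX * 8, 0x2008, 72)  # CLR header RVA/size
    return dos + b"PE\0\0" + coff + bytes(opt) + tail
```

Run `triage(open(path, "rb").read())` on a quarantined file to see whether it shares these traits; a generic AV label alone, as the article notes, will not tell you that.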

Let me tell you, only a few samples have been spotted online so far, so make sure to update your security solution and check twice before downloading files to stay protected. So, what do you think about this? Share your views in the comment box below.
