Password Stealing Malware Ovidiy Stealer Sold for $7 On Russian Site
Computers have become an integral part of our daily life. They not only make our work easier but also act as storage for our important data, including credentials such as passwords and banking details. But what if that data is in danger? With the growing use of computer systems, cyber crime has also increased tremendously in recent years. Only a few days ago we saw the impact of the WannaCry ransomware, which caused a series of havoc and affected over a lakh (100,000) computer systems across 150 countries. Recently, yet another dangerous PC threat has been detected by security experts: not ransomware, but one that cannot be taken lightly either, named Ovidiy Stealer.
What is ‘Ovidiy Stealer’?
Ovidiy Stealer is a new lightweight, easy-to-use credential stealer that primarily targets the passwords stored in your installed browsers. It was discovered after experts found that a Russian-speaking malware developer known as “TheBottle” had started selling a new infostealer under the name Ovidiy Stealer. This password stealing malware is sold for 450-750 Rubles, i.e. $7-$13, on a Russian site. As for its internal design, it comes with a slick UI, including a management panel that makes the tool very easy to use and its results easy to track. The malware is written in .NET and is currently capable of targeting the following applications: Google Chrome, FileZilla, Kometa, Amigo, Torch, Orbitum, and Opera.
Key Features of Ovidiy Stealer:-
Ovidiy Stealer is for sale on a Russian domain. Buyers get access to a web panel that provides an easy-to-use graphical user interface for managing infected hosts. Some of its most notable features are listed below:-
Detailed Log File Collection:- Here you can see all the log files collected from the compromised hosts.
Template-based Web Panel:- Its web panel configuration module resembles that of dangerous ransom-viruses like Spora and other well-known ransomware families.
Additional Module Purchases:- The tool allows customers to pay for additional modules and features through a well-developed payment system. The service used is called “RoboKassa”, which supports payment card transactions and some other services. Here the seller name is listed as “Ovidiy”.
Comments System:- On top of so many features, an additional comments and feedback system is implemented, which allows customers of Ovidiy Stealer to share their feedback.
How ‘Ovidiy Stealer’ Spread?
This vicious malware mainly spreads via malicious EXE files. Through in-depth research, researchers gathered a list of filenames that were used to distribute the malware during the past month:
cheat v5.4.3 2017.exe
WORLD OF TANKS 2017.txt.exe
All these malicious files were primarily spread via file hosting portals, spam email campaigns containing malicious attachments or bad links from which the user downloads the file, and cracking & keygen sites.
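The second filename above hides the real .exe extension behind a decoy “.txt”. The following checker, an added example that is not from the original report, shows how a download-folder audit or mail gateway can flag such disguised executables; the extension lists and the sample batch are constructed, and it also catches the right-to-left-override trick, which the report does not mention.

```python
# Added example (not from the original report): flag download names that
# hide an executable behind a harmless-looking extension, as in the
# "WORLD OF TANKS 2017.txt.exe" lure used to distribute Ovidiy Stealer.

# Extensions Windows runs on double-click (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}
# Extensions users read as inert data (constructed list, not exhaustive).
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png", ".mp3", ".zip"}
RTLO = "\u202e"  # right-to-left override; reverses how the tail of a name is displayed


def classify_filename(name: str) -> tuple:
    """Return (verdict, reasons): "block" for a disguised executable,
    "review" for a plain executable from an untrusted source, else "allow"."""
    reasons = []
    parts = name.strip().lower().split(".")
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    if RTLO in name:
        reasons.append("RTLO character hides the real extension")
    if final_ext in EXECUTABLE_EXTS:
        # any decoy extension sitting before the real one, e.g. ".txt.exe"
        decoys = ["." + p for p in parts[1:-1] if "." + p in DECOY_EXTS]
        if decoys:
            reasons.append(f"executable {final_ext} disguised as {decoys[-1]}")
        elif not reasons:
            return "review", [f"executable type {final_ext}"]
    if reasons:
        return "block", reasons
    return "allow", []


def triage(names):
    """Group a batch of filenames by verdict."""
    out = {"block": [], "review": [], "allow": []}
    for n in names:
        out[classify_filename(n)[0]].append(n)
    return out


# Constructed sample batch; the first two names are the lures quoted in the report.
SAMPLE_DOWNLOADS = [
    "cheat v5.4.3 2017.exe",
    "WORLD OF TANKS 2017.txt.exe",
    "patchnotes.txt",
    "Invoice_2017.PDF.scr",
    "holiday" + RTLO + "gpj.exe",
]

if __name__ == "__main__":
    for name in SAMPLE_DOWNLOADS:
        print(classify_filename(name), name)
```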
How Ovidiy Stealer Work On Compromised PC?
As said earlier, this password stealing malware ‘Ovidiy Stealer’ is basically spread via email attachments, software, game applications and download links, and also comes disguised as a hacking tool. Additionally, it is distributed through websites that offer file hosting and keygens. Once the attachment or infected file is executed, it places itself in a directory on the victim’s system and then runs its commands from that directory. Without notifying you, your system is connected to a command-and-control center over an SSL/TLS connection. The more interesting thing about Ovidiy Stealer is that it is detected by your anti-virus, but only under heuristic detection, which is often ignored even though your PC would start behaving quite differently.
Reference:- Meet Ovidiy Stealer
The only good thing about Ovidiy Stealer is that it does not obtain boot persistence. At a technical level the tool is incomplete and stops working once the compromised computer is rebooted. Lacking this feature, it might not be regarded as the most advanced stealer, but the new marketing and entry-level price scheme make it very attractive and accessible to many.