Ovidiy Stealer may not be that advanced, but the support is great.
New malware is nothing new. Password stealers are not new either. What is new is the marketing and support behind Ovidiy Stealer.
Ovidiy Stealer is a new, and not especially advanced, password stealer. Written in .NET, it is built to harvest credentials from a specific set of applications: FileZilla, Google Chrome, and the Kometa, Amigo, Torch, Orbitum and Opera browsers. It has no persistence mechanism, so once the device is rebooted it stops running, although the binary itself remains on the victim's computer.
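That last detail matters for anyone hunting for it: with no persistence mechanism there is no Run key or scheduled task to find after a reboot, but the .NET executable is still sitting on disk. The following is an added example, not code from the original post or from any analysis of the sample: it parses the PE header and flags files whose CLR Runtime Header data directory is populated, which is what marks an executable as a managed .NET assembly. The `build_sample_pe` helper constructs a header-only PE image purely so the check can be exercised offline; the idea of sweeping user-writable directories such as Temp or Downloads is the editor's suggestion and not something the post states.

```python
import os
import struct
from typing import Iterable, List, Tuple

# Offsets from the PE/COFF specification.
E_LFANEW_OFFSET = 0x3C
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def is_dotnet_pe(data: bytes) -> bool:
    """Return True if the bytes are a PE image with a non-empty CLR Runtime Header.

    A populated CLR data directory is the defining mark of a managed (.NET)
    assembly; native executables leave it zeroed.  Bounds are checked at every
    step so a truncated or hostile file cannot raise instead of returning False.
    """
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    # COFF header: SizeOfOptionalHeader lives 20 bytes into it.
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24
    if opt_size < 2 or opt + opt_size > len(data):
        return False
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off = 92   # NumberOfRvaAndSizes for PE32
    elif magic == PE32PLUS_MAGIC:
        nrva_off = 108  # NumberOfRvaAndSizes for PE32+
    else:
        return False
    if nrva_off + 4 > opt_size:
        return False
    (nrva,) = struct.unpack_from("<I", data, opt + nrva_off)
    if nrva <= CLR_DIRECTORY_INDEX:
        return False
    clr = opt + nrva_off + 4 + CLR_DIRECTORY_INDEX * 8
    if clr + 8 > opt + opt_size:
        return False
    rva, size = struct.unpack_from("<II", data, clr)
    return rva != 0 and size != 0


def classify(files: Iterable[Tuple[str, bytes]]) -> List[str]:
    """Return the names of those (name, header_bytes) pairs that are .NET assemblies."""
    return [name for name, data in files if is_dotnet_pe(data)]


def find_managed_executables(root: str, head: int = 4096) -> List[str]:
    """Walk a directory tree and list managed executables found under it.

    Only the first `head` bytes are read; real PE headers sit well within that.
    """
    def headers():
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        yield path, fh.read(head)
                except OSError:
                    continue  # unreadable or vanished; skip rather than abort the sweep
    return classify(headers())


def build_sample_pe(managed: bool, pe32plus: bool = False) -> bytes:
    """Constructed sample: a header-only PE image, just enough to drive the check."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (E_LFANEW_OFFSET - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224  # standard sizes with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0,
                       opt_size, 0x0022 if pe32plus else 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    nrva_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, nrva_off, 16)
    if managed:
        # Point the CLR directory at a plausible RVA with the usual 72-byte size.
        struct.pack_into("<II", opt, nrva_off + 4 + CLR_DIRECTORY_INDEX * 8, 0x2008, 72)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Sweep the current user's Temp directory (assumed location; adjust as needed).
    for hit in find_managed_executables(os.environ.get("TEMP", "/tmp")):
        print("managed executable:", hit)
```

Plenty of legitimate software is written in .NET, so a hit is a triage lead, not a verdict; the value of the check is that it keys on what the post actually tells us (a .NET binary left on disk with nothing to relaunch it) rather than on autostart locations that this stealer never touches.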
So far, nothing new or even especially impressive. That changes when we get to the distribution. The malware is being distributed out of Russia and can be purchased for the equivalent of $7 to $14 per build, depending on how many of the applications listed above the buyer wants it to steal from. It is sold from a website complete with buyer testimonials, roadmaps for future releases, and more material showing off the "benefits" of the product. It looks much like the website for any legitimate piece of software. But this is no legitimate software; it is criminal malware. On top of this, buyers get their own dashboard to control their build and are offered support for their purchase.
We are witnessing the mainstreaming of malware. This is no longer a world where cyber-criminals need to be hackers themselves. Now anyone can simply purchase a malicious software build and commit their own crimes with it. As cyber-criminals continue to evolve, legitimate businesses need to evolve even faster.