This cheap password-stealing malware just added to your security headaches



The creators of Ovidiy Stealer offer support to users.

Image: Proofpoint

A new form of credential-stealing malware complete with slick marketing and support from its authors is available for as little as $7, providing a worryingly easy entry point into the cybercriminal world for wannabes.

First appearing a month ago, Ovidiy Stealer is regularly updated by its Russian-speaking authors and the malware has hit targets around the world including the UK, the Netherlands, India and Russia.

Despite its low price of 450-750 Rubles ($7-13), the malware comes with code designed to avoid analysis and detection.

Uncovered by researchers at Proofpoint, this malware is spread via a number of methods, including malicious email attachments, file-hosting websites and even within software packages.

It comes with functionality to target multiple applications, but buyers are able to purchase a version of the malware which only focuses on a single browser if they so wish.

If the malware is able to find passwords in its targeted applications, it will send them to the gang using it, putting the victim and their organisation at risk of compromise, especially if the same password is used across multiple accounts.

Ovidiy Stealer is openly sold on a domain which boasts support and features – including the ability to view statistics and logs of infected machines – to potential customers. Payment for the malware is taken by RoboKassa, the Russian equivalent of PayPal.

In order to help drive sales in the competitive criminal world of malware, the developers include statistics and detail plans for future releases of Ovidiy Stealer.



Reviews help Ovidiy Stealer look appealing to potential buyers.

Image: Proofpoint

While Ovidiy Stealer isn’t advanced, the marketing and advertising around it combined with a low price could make it very attractive to wannabe cybercriminals who might not otherwise have the expertise to get involved.

“Ovidiy Stealer highlights the manner in which the cybercrime marketplace drives innovation and new entrants and challenges organizations that must keep pace with the latest threats to their users, their data, and their systems,” said Proofpoint researchers.

While many cybercriminal operations are run by highly sophisticated gangs which do not sell their products to outsiders, there’s a growing market for ‘cybercrime-as-a-service’ schemes which provide low-level criminals with all the tools they need to get started in cybercrime – for a cut of the profits.