A new password-stealing malware, dubbed Ovidiy, is now being sold dirt cheap. The hackers selling the malware have also offered "testimonials" from satisfied customers, presumably to help prove its authenticity and effectiveness. Security researchers said the malware is currently priced between $7 and $13 (£5 - £9) and is being marketed primarily in "Russian-speaking regions".
Although cybercrime-as-a-service has made marketing malware on the dark web fairly popular, Proofpoint researchers said that Ovidiy is not being sold on the dark web. Instead, the malware is accessible via the regular web.
"The malware has hit targets in Russia, Ukraine, Kazakhstan, Turkey, Belarus, India, United Kingdom, Netherlands and others," Proofpoint told IBTimes UK.
The malware has also been updated several times since it was first spotted in June. To make it easier for potential buyers to purchase Ovidiy, the cybercriminals marketing the credential-stealing malware are using a payment service called "RoboKassa", considered to be the Russian equivalent of PayPal. Researchers at Proofpoint say that the payment service allows buyers to pay using credit cards.
"The growing number of samples demonstrate that criminals are actively adopting this malware," Proofpoint security experts said. "Ovidiy Stealer is offered for sale on ovidiystealer[.]ru, a domain which will help attract potential customers and, as noted above, also the C&C domain. The malware boasts support, features, and login access to the web panel. The admin panel for Ovidiy Stealer allows the botmaster to view statistics on infected machines, view logs, build more stubs, and manage the account."
Despite being priced so low, the malware is designed to evade detection and is capable of targeting multiple applications. Ovidiy also sends any passwords it finds to the hackers operating the malware, which leaves organisations at risk of being targeted multiple times, especially in the event of password reuse.
In order to boost sales, the cybercriminals marketing Ovidiy have included statistics and showcase plans for future upgrades of the malware. The Proofpoint researchers said the malware is "lightweight" and simple to use, which, when combined with the malware developers' frequent updates and support system, gives it the potential to become a "much more widespread threat".
"While it is not the most advanced stealer we have seen, marketing and an entry-level price scheme make it attractive and accessible to many would-be criminals," the Proofpoint researchers said.
"Stolen credentials continue to be a major risk for individuals and organisations, because password re-use can enable one stolen login to compromise several more accounts, and the sale of stolen accounts continues to be a lucrative market for criminals looking for quick profits. Ovidiy Stealer highlights the manner in which the cybercrime marketplace drives innovation and new entrants and challenges organisations that must keep pace with the latest threats to their users, their data, and their systems."
This article has been updated to include Proofpoint's comments on the Ovidiy malware being marketed via the regular web and the countries that have already been targeted by the malware.