Security company Proofpoint has revealed a new form of malware. It can be purchased for as little as $7, and the main concern is that it is not detected by antivirus software.
Ovidiy Stealer, a previously undocumented credential stealer that appears to be marketed in Russian-speaking regions, was recently analyzed by Proofpoint threat researchers. Its earliest samples date from June 2017, and it remains under active development, with several updated versions released since. The growing number of samples indicates that criminals are actively adopting it. It is delivered through compressed email attachments, file-hosting pages and links on keygen websites; in every case the payload is a malicious executable, so caution is essential.
Once it infects a system, the malware communicates with its command-and-control server over SSL/TLS and searches applications for saved passwords in order to transmit them to the attackers. The information it leaks includes the username and password, the processor ID, the targeted applications, the websites with saved credentials, and the registered Ovidiy Stealer username.
In its in-depth analysis, Proofpoint explained that Ovidiy Stealer sells for 450-750 Rubles (~$7-13 USD), and that a single build, delivered as a precompiled executable inside an archive, is included in the purchase. The company also reported that the file is crypted to hinder analysis and detection; when an antivirus solution does detect the infection, it is flagged with only a simple description.
Going after popular software
Popular software such as Opera Browser, FileZilla, Google Chrome and Torch Browser is at particular risk, since the malware targets the credentials these applications store.
Versions 1.0.1 and 1.0.5 are being distributed in the wild. Written in .NET, Ovidiy Stealer samples are heavily obfuscated with Confuser and .NET Reactor. When executed, the malware runs from the directory it was dropped in and carries out its tasks. According to Proofpoint, no persistence mechanism is built into this malware, so it stops running on reboot, but the file remains on the victim's machine.
Many updated samples of Ovidiy Stealer have been found online, so to stay protected it is essential to double-check before updating software or downloading files from untrusted sources.