22 July 2017

You Can Buy Password Stealing Malware For Just $7 Online


‘A Simple – Yet Threatening Malware’

Selling this type of malicious malware for this low a price is something new in this dark, digital wilderness of mirrors. ProofPoint noted that “the malware is essentially a password stealer that was available on the product’s official website, ‘ovidiystealer[.]ru. And, like any other consumer product website, it features customer reviews, statistics regarding the sales and efficacy of the product, and much more,” Mr. Hassan wrote.

The sale of this kind of malware at such a cheap price; and that “can be so easily accessed by criminals,” is unusual Mr. Hassan noted. So, in that sense, Ovidiy is an outlier and/or, breaking the mold. 

According to ProofPoint, the malware is designed for one purpose: steal passwords. And, Mr. Hassan adds, Ovidiystealer posts ‘customer reviews,’ and satisfaction/effectiveness, and notices/alerts regarding updates and newer versions. Customers can pay using “RoboKassa – a Russian-based, digital platform for transferring money, and similar to PayPal,” Mr. Hassan explained. “Customers can also use credit cards,” he added, something that I would not recommend.

‘A Closer Look At The Malware’

“Ovidiy is currently being sold in the Russian [digital] market,” Mr. Hassan writes; and, “has a number of versions.” ProofPoint’s research showed Ovidiy first became available in June 2015; and, “the malware is written in .Net; and, the executable files are encrypted — making further [detailed][ analysis and investigation difficult. Furthermore,” he adds, the author of the malware goes by the name of “The Bottle.” 

“Currently, the browsers which the malware modules affect [infect], include: Google, Chrome, FileZilla, Kometa, Amigo, Torch, Orbitum, and Opera — Customers can buy as little as one module,” according to ProofPoint.

How It Works

Unfortunately, like a lot of ultimately successful cyber phishing hacks, Ovidiy is a Trojan Horse, hiding within what appears to be a legitimate email attachment, downloadable links, software updates, game applications, and as a hacking tool. Mr. Hassan warns that “the ,malware is being distributed through websites that offer file-hosting and keygens.” “Once the attachment, or infected file has been executed,” the malware burrows into the victim’s file directory and capable of hijacking the control panel. “The malware connects to the victims command-and-control center, through the SSL/TSL connection [the digital nerve center] connection;” and, masquerades as the victim’s real website and domain name.

It is also devious. Because the designers expected the malware to be discovered by intrusion monitoring software, they made the malware appear to be insignificant/minor as far as the threat it poses to the victim’s network — and, it may not necessarily prompt an alert or further investigation. There is a flaw however to the ability of the malware to stay active, as a simple reboot of one’s computer can digitally wipe out the virus. One has to assume that the cyber thieves are already hard at work figuring out how to overcome this weakness.

I wouldn’t also put it past the seller of this malware to implant some kind of backdoor, or Trojan Horse of their own inside the malware they’re selling. Such a move is risky of course, since if they were discovered to be building in some kind of digital back door — well, there goes their ‘reputation,’ and sales. Having said that, is their any ‘honor among digital thieves?’ I also wonder if Russia-based, U.S. fugitive, Edward Snowden is in anyway associated — wittingly, or unwittingly — with these likely Russian cyber thieves?

Industrial-grade, stealth malware is also being sold on the Dark Web; and, one has to assume that there is almost a limitless means of devising new methods, techniques, and means to clandestinely implant the digital ‘gift that keeps on giving,’ these darker digital angels of our nature. Indeed, these individuals, groups, and nation-states are very creative at devising new, sick and twisted ways to steal that which is most valuable to us. Now, we are beginning to see adaptive malware, that is persistent, and insidious when it comes to violating our networks; and, avoiding being discovered. Digital chameleons and digital decoys, along with denial and deception — are alive and well, on the Internet-of-Things (IoT). Remember, it is the second digital malware or mouse,that usually gets — the digital cheese. V/R, RCP.

No comments: