A new malware, known as Ovidiy Stealer, is making the rounds on Russian websites. This particular tool is quite cheap for criminals to purchase, with a price of around $10. It is also not the most capable type of info-stealing malware, which explains the lower price point.
Ovidiy Stealer can be an Annoyance
As is the case with any type of malware designed to steal information from people’s devices, Ovidiy Stealer can prove to be a real pain in the neck. It appears this particular tool is often spread through executable files for the Windows operating system. It pops up in some fake cryptocurrency wallets, games, and hacked software versions. So far, it does not appear any cryptocurrency users have had their wallet information stolen.
Ovidiy Stealer can be purchased from a Russian darknet marketplace for as little as $7, although prices may vary depending on the RUB/USD exchange rate. At most, people will pay just $13 for it. However, you get what you pay for, and a cheap tool will not result in people making millions of dollars overnight. It takes a fair amount of work to infect people with this malware in the first place.
Criminals purchasing this particular tool often embed it in executable files distributed through peer-to-peer protocols such as torrents. Several filenames have been identified already, which appear to relate to Litebitcoin, VK Hack Tool, World of Tanks, and a TeamSpeak update. This list will likely grow a lot longer as time progresses. Spreading hacked paid software is always a great way of distributing malware, and that trend will not change anytime soon.
It also appears criminals distributing Ovidiy are trying to get more people infected through dedicated spam email campaigns. Spreading a malware-laden executable as an email attachment to people all over the world certainly has a lot of potential to succeed. There is no evidence to show this particular tool has been even remotely successful, even though its list of features, limited as it is, should not be written off by any means.
Ovidiy Stealer can obtain data from programs such as FileZilla, Google Chrome, Opera, and a few other browsers. That in itself is quite disturbing since a lot of people spend their entire online life in a browser these days. Knowing someone may snoop on your information and harvest login credentials is worrying. It is expected antivirus solutions will release an update to thwart this malware.
There are some downsides to this malware as well. The control panel for all “customers” is hosted on the same domain hosting the Ovidiy Stealer itself. Paying for this malware can only be done through RoboKassa, the Russian version of PayPal. Last but not least, rebooting your device will eliminate Ovidiy Stealer as a threat. That is a rather glaring list of shortcomings, which makes this malware more of an annoyance than a legitimate threat.