You can buy almost anything online these days – clothes, books, food, the list goes on. That list also includes malware, as malicious viruses can be sold on the dark web at almost any price. Now, a new malware is for sale, and it’s available for purchase at an extremely low price, 450-750 Rubles ($7-$13) to be exact. Once purchased, the malware, named Ovidiy Stealer, is capable of stealing passwords from a number of targeted applications.
Created by a developer named TheBottle, Ovidiy Stealer is available both on a Russian website, as well as various cybercrime forums. Once purchased by a cybercriminal, Ovidiy Stealer can spread a number of ways, including malicious email attachments, file-hosting websites, and within software packages. Crooks are even disguising it as cheating tools for popular games and cryptocurrency mining tools.
The malware comes with code specifically designed to avoid analysis and detection. It also has the ability to target multiple applications, but buyers are able to purchase a version of the malware that only focuses on a single browser. From there, cybercriminals can target whatever application or browser they’d like and steal user credentials. They also get access to a web-based dashboard where they can keep tabs on their malicious campaigns.
So far, Ovidiy Stealer has hit targets around the world including the UK, the Netherlands, India, and Russia. Therefore, users need to start thinking about how to stay protected from this widespread attack. To do just that, follow these tips:
-Be careful what you click.Whether it’s a malicious attachment or a software package sent from an unknown source, it’s crucial you’re always wary of clicking on unfamiliar items. Cybercriminals leverage these techniques to spread malware. So, if an unwarranted email or offer comes through, it’s best to just err on the side of caution and avoid clicking on it all together.
-Utilize multi-factor authentication (MFA). Having multiple factors to authenticate your accounts, like your fingerprint, face, or another trusted device, adds an extra layer of security to an account in the case your password is compromised. If you use a service that offers MFA, be sure to enable it. The more factors you can combine, the safer your accounts will be.
-Use a password manager. Take your security to another level with a password manager, like the True Key app. A password manager can help you create strong and secure passwords and log you into your favorite websites automatically using multi-factor authentication.