Catalin Cimpanu of Bleeping Computer reports that a Russian-speaking malware developer going by the name “TheBottle” has started selling a new infostealer called Ovidiy Stealer. The malware is offered for sale starting at just $7. Its low price reflects the fact that it is less capable than other commercial infostealers on the market, but it can still be effective.
Ovidiy Stealer spreads via booby-trapped executables posing as legitimate applications. These files have been distributed through file hosting portals and via email campaigns that deliver the file as an attachment or as a link that encourages the recipient to download it. Samples of this infostealer have a low detection ratio and are usually flagged under generic names, which makes recognising an infection harder.
“It is possible that an AV solution will detect the behavior of Ovidiy Stealer but label it in logs with a generic description and thus security personnel that monitor your network may well see the event but not recognize its significance,” researchers said in a technical report.
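The point made in the quoted report is a triage problem: a generic label such as “Gen:Variant” or “Trojan.Generic” is easy to skim past. The following Python script is an added example, not code from Bleeping Computer, Proofpoint or the article, showing one way a SOC might surface such events. It parses a constructed AV log (CSV with timestamp, host, detection name, file path and action; all hostnames, file names and detection labels are made up), groups events per host and file, and escalates any group whose label looks generic and which was either never quarantined or sits in a user-writable staging directory.

```python
import csv
import io
import re

# Constructed sample AV log (CSV: timestamp,host,detection,path,action).
# Hostnames, file names and detection labels are made up for this example.
SAMPLE_AV_LOG = """\
2017-07-12T09:14:03Z,WS-017,Gen:Variant.Strictor.12345,C:\\Users\\alice\\Downloads\\invoice_viewer.exe,detected
2017-07-12T09:14:05Z,WS-017,Gen:Variant.Strictor.12345,C:\\Users\\alice\\Downloads\\invoice_viewer.exe,quarantined
2017-07-12T10:02:41Z,WS-042,Trojan.Generic.9876,C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe,detected
2017-07-12T11:30:00Z,WS-042,EICAR-Test-File,C:\\Temp\\eicar.com,quarantined
2017-07-12T12:00:00Z,WS-099,Trojan.Win32.Agent,C:\\Program Files\\Vendor\\tool.exe,quarantined
"""

# Label fragments that vendors commonly use for heuristic / catch-all detections.
GENERIC_LABEL = re.compile(r"generic|gen:|heur|variant|suspicious", re.IGNORECASE)

# Locations where a user-launched trojanised executable typically lands.
USER_WRITABLE_PATH = re.compile(
    r"\\Users\\[^\\]+\\(Downloads|Desktop|AppData\\Local\\Temp)\\", re.IGNORECASE
)

FIELDS = ["timestamp", "host", "detection", "path", "action"]


def parse_av_log(text):
    """Parse CSV log text into a list of event dicts."""
    return [dict(zip(FIELDS, row)) for row in csv.reader(io.StringIO(text)) if row]


def is_generic_label(detection):
    """True when the detection name is a catch-all label rather than a family name."""
    return GENERIC_LABEL.search(detection) is not None


def triage(events):
    """Group events per (host, path) and return those an analyst should look at.

    A group is escalated when at least one of its labels is generic and either
    the file was never quarantined or it sits in a user-writable staging path.
    """
    groups = {}
    for ev in events:
        key = (ev["host"], ev["path"])
        g = groups.setdefault(key, {
            "host": ev["host"], "path": ev["path"], "first_seen": ev["timestamp"],
            "detections": set(), "actions": set(),
        })
        g["detections"].add(ev["detection"])
        g["actions"].add(ev["action"])

    escalated = []
    for g in groups.values():
        if not any(is_generic_label(d) for d in g["detections"]):
            continue
        reasons = ["generic label"]
        if "quarantined" not in g["actions"]:
            reasons.append("not remediated")
        if USER_WRITABLE_PATH.search(g["path"]):
            reasons.append("user-writable path")
        if len(reasons) > 1:
            g["reasons"] = reasons
            escalated.append(g)
    return escalated


if __name__ == "__main__":
    for g in triage(parse_av_log(SAMPLE_AV_LOG)):
        print(g["first_seen"], g["host"], g["path"], "->", ", ".join(g["reasons"]))
```

On the constructed log, the script escalates two items: the Downloads hit on WS-017 (generic label in a user-writable path, even though it was later quarantined) and the Temp hit on WS-042 (generic label, never remediated). The EICAR test and the specifically named family detection are left for normal processing. The label and path patterns are assumptions to be tuned to the vendor and environment in use.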
Users of infected hosts should be aware that Ovidiy Stealer can collect and exfiltrate credentials from applications including FileZilla, Google Chrome, Kometa, Amigo, Torch, Orbitum and Opera, and future updates may expand that list of targeted applications.
On the bright side, Ovidiy Stealer does not establish boot persistence, so it stops running once the host is rebooted. However, persistence is not really needed for an infostealer: it only needs a few seconds to dump and exfiltrate your data.
“While it is not the most advanced stealer we have seen, marketing and an entry-level price scheme make it attractive and accessible to many would-be criminals,” Proofpoint security researchers reported. “Ovidiy Stealer is lightweight and simple enough to work with relative ease, allowing for simple and efficient credential exfiltration. A lightweight, easy-to-use, and effective product coupled with frequent updates and a stable support system give Ovidiy Stealer the potential to become a much more widespread threat.”
Once antivirus solutions detect Ovidiy Stealer correctly and you are notified of an infection, you should immediately reset the passwords for all of your online accounts.