Security company Proofpoint has discovered a new form of malware that costs only 7 dollars and cannot be detected by antivirus software.
After an in-depth analysis of the malware, Proofpoint explains that Ovidiy Stealer costs from 450 to 750 rubles (i.e. from 7 to 13 USD) and includes a precompiled executable file.
The company says the file is encrypted to "prevent analysis and detection," and while the infection can be detected by some antivirus solutions, it is listed with a generic description that says little about the malware's purpose.
Ovidiy Stealer usually spreads through executable email attachments, compressed executable attachments, and links to sites with cracks and keygens. In all cases, the included file is an executable file that contains the malicious software.
The malware targets many popular software solutions such as Google Chrome, Opera browser, FileZilla and Torch browser.
“We have noticed that versions 1.0.1 to 1.0.5 are being released. Ovidiy Stealer is written in .NET and most of its samples are packaged with either .NET Reactor or Confuser. When running, the malware remains in the folder where it was installed and where it will start running all its processes. The strange thing is, there is no mechanism that restarts it on reboot. So after the system is shut down, the malware will stop running, but the folder will remain on the system,” says Proofpoint.
Once it infects a machine, the malware uses SSL/TLS connections to communicate with an administration and control server and searches for passwords in the applications listed above to pass them on to hackers. It sends information such as the processor ID, the website with stored credentials, the targeted applications, and the username and passwords.
Many updated samples of the malware have already been detected online, so updating the security software you use and always checking twice before downloading files from unreliable sources seem to be the two best ways to stay protected.