A new form of credential-stealing malware -- complete with slick marketing and support from its authors -- is available for as little as $7, providing wannabes with a worryingly easy entry point into the world of cybercrime.
First appearing a month ago, Ovidiy Stealer is regularly updated by its Russian-speaking authors and the malware has hit targets around the world including the UK, the Netherlands, India, and Russia.
Despite its low price of 450-750 Rubles ($7-13), the malware comes with code designed to avoid analysis and detection.
Uncovered by researchers at Proofpoint, the malware is spread via a number of methods, including malicious email attachments, file-hosting websites, and even within software packages.
It comes with functionality to target multiple applications, but buyers are able to purchase a version of the malware which only focuses on a single browser if they so wish.
If the malware is able to find passwords in its targeted applications, it will send them to the gang using it, putting the victim and their organisation at risk of compromise, especially if the same password is used across multiple accounts.
Ovidiy Stealer is openly sold on a domain which boasts support and features -- including the ability to view statistics and logs of infected machines -- to potential customers. Payment for the malware is taken by RoboKassa, the Russian equivalent of PayPal.
To help drive sales in the competitive criminal world of malware, the developers include statistics and detailed plans for future releases of Ovidiy Stealer.
While Ovidiy Stealer isn't advanced, the marketing and advertising around it, combined with a low price, could make it very attractive to wannabe cybercriminals who might not otherwise have the expertise to get involved.
"Ovidiy Stealer highlights the manner in which the cybercrime marketplace drives innovation and new entrants and challenges organizations that must keep pace with the latest threats to their users, their data, and their systems," said Proofpoint researchers.
While many cybercriminal operations are run by highly sophisticated gangs which do not sell their products to outsiders, there's a growing market for 'cybercrime-as-a-service' schemes which provide low-level criminals with all the tools they need to get started, in return for a cut of the profits.