Login | September 21, 2017

Cheap password theft malware threatens all of us, laughs at us, too

Technology for Lawyers

Published: August 25, 2017

Of course, it’s the Russians.

There is now an imperative to making your passwords safe. It really isn’t a choice anymore.

Malware startup Ovidiy, first detected in June, sells malware that both steals passwords from browsers and hides itself. That may not be news in and of itself, but the price of this new infestation is news: it sells for $7-13 (450-750 rubles), and is openly hawked on its developer’s website.

While the actual location of the malware’s developers can’t be known, payment for the product is only accepted via RoboKassa, the Russian equivalent of PayPal. The malware isn’t dangerous in and of itself, but any cybercriminal can use it to get anybody’s browser password (although it only seems to target certain browsers to this point in its brief life).

While the malware hasn’t been reported to be able to access a computer’s password itself, it would access your computer if you use the same password for everything.

Ovidiy, so far, concentrates itself in Russian-speaking countries, but has and will spread across the globe, and has already been detected in computers in the UK, the Netherlands, India and Russia.

The developer’s website looks and acts like any legitimate site, posting product notes, comments, future product development ideas and statistics and logs of infected machines. All in all, their site’s openness does seem to indicate that they don’t think anyone is going to bust them any time soon (and, since they are Russian, you can think anything you want to about that (and I know what I think)).

Is there a cure for this malware? No, not yet. But you can take steps to prevent it from infecting your machines.

At this point, everyone must be proactive against this, whether or not you think you are at risk (you are). So—everybody listen up! You must install random password generators and two-step authentication today!

There are a lot of places to go to get random passwords, including Random.org and passwordgenerator.net, as well as your antivirus and various apps. The key here is to never use the same password twice for anything (yes, a pain, but necessary).

Two-factor authentication is available in many apps, although you have to look for it. If you aren’t using it now, start immediately.

Good luck out there!