New Cybercrime Market

Chris Swagler | February 12th, 2024

 

OLVX, a new cybercrime market, has appeared and is rapidly attracting new clients seeking to purchase tools for online fraud and cyberattacks. OLVX follows a recent trend in which cybercrime markets are increasingly hosted on the clearnet rather than the dark web, making them more accessible to various users and easier to promote using search engine optimization (SEO). Researchers discovered OLVX in early July 2023 and observed a significant increase in activity on the new marketplace in the fall, including an increase in both vendors and buyers. OLVX’s popularity has grown through the market admins’ SEO efforts, advertisements on threat operator forums, promotion through the platform’s dedicated Telegram channel, and “word of mouth” within the breaching community. The marketplace offers thousands of individual products across numerous categories, and the site administrators maintain relationships with different cybercriminals who create custom toolkits and can obtain specialized files, furthering OLVX’s ability to attract and retain clients.

Purchasing On OLVX

OLVX, unlike most markets of this type, doesn’t use an escrow service. Instead, it provides a deposit-to-direct-payment system that accepts Bitcoin, Monero, Ethereum, Litecoin, TRON, Bitcoin Cash, Binance Coin, and Perfect Money. This encourages users to spend more because funds are always available, resulting in more frequent transactions. Clients who are running low on funds are encouraged to “top off” their accounts using a time-limited anonymous cryptocurrency address to protect their privacy and security. Deposited funds facilitate more purchases, but they also make it easier for marketplace administrators to execute an exit fraud, stealing all deposits.

Items Sold on OLVX

OLVX hosts numerous low-cost digital items, software, and services for committing cybercrime or improving existing operations. The items sold on OLVX are summarized as follows:

  • Access to compromised reputable global websites, with the option to validate the connection before making a purchase. Prices start at less than $5.
  • Over 6,000 active cPanel accesses are available, most likely from compromised sites. Details including country, domain, hosting provider, and rankings are available, with pricing often under $10.
  • Compromised Remote Desktop Protocol and Secure Shell access to potentially legitimate servers for under $10, with credentials validated before purchase. Prices vary according to access level and system specifications.
  • Over 1,000 compromised SMTP accounts and scripts for executing email campaigns for less than $10.
  • Over 8,000 compromised webmail credentials that allow for searches of specific domains required for social engineering attacks are offered for a few bucks.
  • Numerous lists of email addresses and compromised credentials, used for bigger attacks including phishing or brute force, cost between $1 and $200 depending on database size, target, and country.
  • Credentials for certain domains/services, including user-to-administrator access, at varied fees. Items sold can include adult website accounts, providing a social engineering angle.
  • Pre-developed phishing kits, some containing advanced features including 2FA bypass. Feature-rich kits cost up to $150, and kits for general sites cost less than $20. The kits target numerous industries, including retail and finance.

Given the nature of the new cybercrime market, it’s impossible to independently verify the validity and quality of the items above. However, OLVX’s growing popularity and reputable status lend credence to the legitimacy of the most accessible items. Activity on the cybercrime market peaks during the holiday shopping season, and shoppers should always be vigilant in identifying and avoiding scammers.

At SpearTip, our certified engineers work continuously at our 24/7/365 Security Operations Center, monitoring companies’ data networks for potential cyberattacks, and are ready to respond to incidents at a moment’s notice. Our IT remediation team works to restore companies’ operations, reclaim their networks by isolating malware, and recover business-critical assets. Our assessments leave no stone unturned in examining how companies leverage their current technology. We review application and operating system access controls and analyze physical access to their systems. We conclude with detailed reports and recommendations to keep companies compliant and safe, according to industry standards. Our ShadowSpear Platform, an integrable managed detection and response tool, uses comprehensive insights through unparalleled data normalization and visualizations to expose sophisticated unknown and advanced threats.

Our cybersecurity awareness training educates individuals and organizations about best cybersecurity practices and provides the knowledge and skills necessary to protect their systems and data from cyber threats. Our training covers password security, phishing scams, social engineering, malware, data protection, and network security. By providing cybersecurity awareness training, organizations and their employees can better understand the risks of the cyber landscape and develop impactful cybersecurity practices that can reduce the likelihood of cyberattacks. Cybersecurity awareness training is an essential component of any comprehensive strategy to protect sensitive information, such as personal data, financial information, or intellectual property, and to prevent data breaches, system downtime, and other negative consequences that can result from cyberattacks.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.
