Illegal web market thrives ahead of festive season


May your illicit career be merry and bright. A forum that specializes in selling digital tools used in cybercrime is ramping up a brisk trade in the run-up to Christmas.

OLVX Marketplace was first spotted this summer but appears to have seen an uptick in its criminal clientele this fall, according to a cyber threat intelligence analysis by ZeroFox.

“As the November and December holiday shopping season is the busiest for retailers and consumers, the OLVX marketplace has, accordingly, also been ramping up its supply of items available to cybercriminals,” it said.

This means legitimate shoppers doing the rounds on the internet in search of a Christmas bargain need to be extra careful, it cautions.

“This new marketplace claims to sell all the tools necessary to commit online fraud, manipulate the very savviest of online shoppers, and make this time of year much less merry and bright,” said ZeroFox.

Some unsavory articles on offer from “well-respected threat actors” include phishing kits, remote desktop connections, control panel access credentials, spam deployment software, stolen data, and webmail access.

This range of cyber-wares makes OLVX a veritable crooks’ own cybercriminal forum, ZeroFox warns.

“While some marketplaces specialize in illegal products such as drugs, counterfeit products, and hacked gift cards, OLVX focuses less on end-user products and more on tools and services to aid cybercriminals in their activities to obtain data,” it said.

Crime store boom

ZeroFox says that it noted an increase in activity on OLVX this autumn, both in terms of “items sold and purchasers flocking to the newly created store.”

It further claims that OLVX even uses legitimate domain registration company Cloudflare to conceal its web hosting location and enhance accessibility, and is brazen enough to feature itself on the clear web – the part of the internet openly accessible to all ordinary users.

“Rather than being hosted on the dark web, the OLVX marketplace is on the open web,” said ZeroFox. “Based on an investigation of website coding, the administrators of the OLVX marketplace have implemented multiple methodologies of search engine optimization to gain new customers.”

This has spurred the forum’s growth in recent months, as it reaches out to potential new clients over Telegram, a communications app favored by cybercriminals but also legitimate users.

Clients are encouraged to set up cryptocurrency accounts with OLVX and top these up according to their purchase needs.

“OLVX has implemented a common method of payment via cryptocurrency, but – rather than allow customers to pay directly for each transaction separately – the marketplace requires customers to transfer funds to the platform and maintain a balance,” said ZeroFox.

Cheap and cheerful

Pricing is often quite cheap, with control panel access or remote desktop protocols – which allow a criminal to mask the true origin of their attacks by hijacking someone else’s server – averaging below $10.

However, a list of compromised credentials, useful in automated brute-force attacks on retail or finance targets – often launched by threat actors during the holiday seasons to scam online shoppers – can cost as much as $200.

Phishing tools ranged from $20 to $150, with “more feature-rich kits,” such as those involving two-factor authentication bypass, commanding a higher price.

OLVX also features a “specialized sales area” that focuses on credentials from specific domains or services, many of them involving pornography.

“With over 400 active targets for sale ranging from general user accounts to administrator access, there are numerous high-level accounts for threat actors to utilize,” said ZeroFox, which added that the prevalence of adult websites suggested a “possible social engineering angle for vulnerable individuals.”

ZeroFox urges online shoppers to remain alert this Christmas, only making purchases from known and trusted retailers, and to avoid clicking on any shopping links that mysteriously turn up on social media pages or within unsolicited emails.

“Marketplaces such as OLVX continue to be popular sources from which cybercriminals purchase the tools they need to conduct targeting campaigns,” it said.