Meet Oski Stealer: In-depth Analysis Of the Popular Credential Stealer

The main objective of this malware is to actively acquire confidential and sensitive data, consisting of users’ official names, passwords of their systems, and financial information. 

Credential theft Malware is something that can cause destruction to a computer system and its network. The threat actors just don’t use this malware to steal passwords, but also to delete files and render computers inoperable. Potentially, malware can lead to infections which in turn can cause many problems that affect daily operations and the long-term security of affected organizations. 

‘The Oski stealer’, is a credentials stealer, first, it was reported in November 2019. As the name suggests, ‘the Oski stealer’ works as a big information stealer consisting of personal and sensitive information from its victims. ‘Oski’, the name has been derived from an old Nordic word, meaning ‘Viking warrior’, which is quite fitting considering this popular info-stealer is extremely effective at pillaging privileged information from its targets.  

As per the sources, “the ‘Oski’ stealer’ is a classic information stealer platform that is being sold on Russian underground hacking forums at a low price of $70-$100. The stealer is written in C++ and it has all the typical features of credential theft malware”. 

According to the research, ‘Oski’ targets sensitive information including: 

• Login credentials from different applications 

• System information 

• Browser information (cookies, autofill data, and credit cards) 

• Screenshots 

• Crypto wallets 

• Different user files 

Besides, the stealer can also work as a Downloader to download a second-stage malware with modification of tools. 

Every infection involving three parties: 

1. Malware authors 

2. Malware customers 

3. Malware victims 

The customers contact ‘Oski actors’ on underground forums to buy the malware and, once purchased, they customize it and disperse it to their targets. Oski has become popular and has built a strong reputation within the underground community, with many of its buyers on regular basis providing positive feedback and reviews about the functions of the malware. 

While giving further insights, sources from Intelligence said, “Even we have to admit that Oski’s functionality works pretty well. From setting up and checking the environment to stealing information by application type, Oski’s code is written with purpose and care. The code is neat and clean, without any presence of useless code lines, however, it does lack sophisticated anti-analysis tricks like anti-debugging and dynamic anti-analysis tricks”.