A new cybercrime marketplace, OLVX, has arrived and is rapidly gaining new customers looking to purchase tools to commit online fraud and cyberattacks.
OLVX follows the recent trend of cybercrime marketplaces increasingly being hosted on the clearnet rather than the dark web, making them more accessible to a wider audience and able to be promoted through search engine optimization (SEO). Become.
ZeroFox researchers, who first identified OLVX in early July 2023, reported a significant increase in new market activity in the fall, noting an increase in both sellers and buyers.
This rise in OLVX’s popularity can be attributed to SEO efforts by market administrators, advertising on hacker forums, promotion through the platform’s dedicated Telegram channel, and “word of mouth” in the hacking community.
Source: Zerofox
“While the OLVX Marketplace offers thousands of individual products across numerous categories, site administrators have created custom toolkits and established relationships with various cybercriminals who have access to specialized files. “This strengthens OLVX’s ability to maintain its platform and attract customers,” ZeroFox explains.
Buy at OLVX
OLVX does not use an escrow service like most marketplaces of this kind, but instead offers “direct payments” that support Bitcoin, Monero, Ethereum, Litecoin, Tron, Bitcoin Cash, Binance Coin, and Perfect Money. We offer a deposit system.
This encourages users to spend more, as funds are always available, and browsing leads to more frequent purchases.
Customers who are low on funds are encouraged to “top off” their accounts using a time-limited anonymized cryptocurrency address to maintain privacy and security.
Source: Zerofox
While the deposited funds make it easier to make purchases, it also makes it easier for marketplace operators to perform exit scams that steal all deposited cryptocurrencies.
what is on sale
OLVX hosts thousands of low-cost digital items, software, and services to carry out cybercrime or enhance existing operations.
Items sold at OLVX can be summarized as follows:
- access to Legitimate websites that have been compromised Available worldwide, you can check your connection before purchasing. The price is cheap, less than $5.
- Over 6,000 Active c panel access It is probably available from a compromised site. Details such as country, domain, hosting provider, and ranking are provided, and the price is usually less than $10.
- compromised remote desktop protocol and secure shell access Delivered to potentially legitimate servers priced under $10, with credentials verified for validity prior to purchase. Prices vary depending on access level and system specifications.
- Over 1,000 compromised SMTP account There are also scripts for running email campaigns that cost less than $10.
- Over 8,000 compromised Webmail credentialsallows you to search for specific domains needed for social engineering attacks for just a few dollars.
- Bulk list containing Email addresses and leaked credentialsused for large-scale attacks such as phishing and brute force, and costs between $1 and $200 depending on database size, target, and country.
- Credentials from specific domains/services, includes user-to-admin access, and prices vary. Items for sale include adult website accounts and are offered for social engineering purposes.
- Pre-developed fishing kitsome have advanced features such as 2FA bypass, prices range from up to $150 for feature-rich kits to less than $20 for general pages. This kit targets various sectors such as retail and finance.
Source: Zerofox
Given the nature of the platform, it is not possible to independently verify the effectiveness and quality of the above.
However, OLVX’s growing popularity and reputable status has increased the reliability of most items available.
Zerofox reports that activity on the platform peaks as the holiday shopping period approaches, so buyers are advised to be more vigilant to identify and avoid scams.