Oski

Malware Profile Updated 3 months ago
Oski is a type of malware, specifically a stealer, that emerged as a clone of the Vidar malware, following the latter's leak. It was created to exploit and damage computer systems by infiltrating through suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access to a system, Oski can steal personal information, disrupt operations, or even hold data hostage for ransom.

Notable clones of Vidar include Oski and Mars Stealers, a proliferation likely due to the original malware being cracked. The rise of Oski and similar malware has seen a shift towards more buying and selling of logs for these popular stealers on dedicated Telegram channels. Secureworks found that RedLine, Anubis, SpiderMan, and Oski Stealer are prominently represented on this platform. This trend suggests that Telegram has benefited from the increased activity and popularity of these types of malware. However, both Oski and Mars stealers are currently considered to be defunct.

These malware variants, including Oski, have incorporated verification features similar to their predecessors, Arkei and Vidar, as noted by Elastic. The creation of these strains follows a pattern of copying and modifying existing malware, with Vidar itself being a copycat of Arkei. Despite their eventual obsolescence, the impact of these malware strains highlights the continual evolution and threat of malicious software.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so here are some possibly overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Vidar | 2 | Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, |
| Mars | 1 | Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Secureworks
Malware
Loki
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Redline | Unspecified | 1 | RedLine is a notorious malware, discovered in March 2020, designed to exploit computer systems and steal sensitive personal information such as login credentials, cryptocurrency wallets, and financial data. It exports this stolen data to its command-and-control infrastructure. The malware has been u |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Oski Malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | a year ago | Data log thefts explode as infostealers gain popularity with cybercriminals |
| Flashpoint | 10 months ago | “RisePro” Stealer and Pay-Per-Install Malware “PrivateLoader” |
| CERT-EU | a year ago | Russian cybercriminals spread new Lobshot banking trojan via Google ads |
| Flashpoint | 6 months ago | The Evolution and Rise of Stealer Malware |
| Secureworks | a year ago | The Growing Threat from Infostealers |