A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks.
OLVX follows a recent trend where cybercrime marketplaces are increasingly hosted on the clearnet instead of the dark web, making them more accessible to a broader range of users and possible to promote through search engine optimization (SEO).
ZeroFox researchers, who first identified OLVX in early July 2023, have reported a substantial uptick in activity on the new marketplace in the fall, noting a rise in both sellers and buyers.
This rise in OLVX’s popularity is attributed to SEO efforts from the market’s admins, advertisements on hacker forums, promotion through the platform’s dedicated Telegram channel, and the hacking community’s “word of mouth.”
“While the OLVX marketplace offers thousands of individual products across numerous categories, its site administrators maintain relationships with various cybercriminals who create custom toolkits and can obtain specialized files, thereby furthering OLVX’s ability to maintain and attract customers to the platform,” explains ZeroFox.
Buying on OLVX
OLVX does not use an escrow service like most markets of this kind, but instead offers a “deposit to direct payment” system supporting Bitcoin, Monero, Ethereum, Litecoin, TRON, Bitcoin Cash, Binance Coin, and Perfect Money.
This encourages additional spending by users: because funds are constantly available, browsing leads to more frequent purchases.
Customers running low on funds are urged to “top-off” their accounts using a time-limited anonymized cryptocurrency address to maintain privacy and security.
While deposited funds make it easier to make purchases, they also make it easier for the marketplace operators to perform an exit scam to steal all deposited cryptocurrency.
What’s on sale
OLVX hosts thousands of low-cost digital items, software, and services to conduct cybercrime or enhance existing operations.
The items sold on OLVX can be summarized as follows:
- Access to compromised legitimate websites worldwide, with the ability to verify the connection before purchase. Prices can be under $5.
- Over 6,000 active cPanel accesses are available, presumably from compromised sites. Details like country, domain, hosting provider, and rankings are provided, with prices generally under $10.
- Compromised Remote Desktop Protocol and Secure Shell access to potentially legitimate servers, priced under $10, with verification of credentials’ validity before purchase. Pricing varies based on access level and system specs.
- Over 1,000 compromised SMTP accounts and scripts for running email campaigns, with prices less than $10.
- Over 8,000 compromised webmail credentials, allowing for searches of specific domains needed for social engineering attacks, priced at just a few dollars.
- Bulk lists containing email addresses and compromised credentials, used for large-scale attacks like phishing or brute force, priced between $1 and $200 depending on the database size, target, and country.
- Credentials from specific domains/services, including user to administrator access, with prices varying. Items for sale include accounts from adult websites, providing a social engineering angle.
- Pre-developed phishing kits, some with advanced features like 2FA bypass, priced up to $150 for feature-rich kits and below $20 for general pages. The kits target various sectors, including retail and finance.
Independently verifying the validity and quality of the above is impossible, given the nature of the platform.
However, OLVX’s rising popularity and reputable standing lend credibility to the authenticity of most available items.
ZeroFox reports that activity on the platform peaks as the holiday shopping period approaches, so buyers are advised to maintain heightened vigilance to identify and avoid scams.