Meet Oski Stealer: In-depth Analysis Of the Popular Credential Stealer


Credential theft malware is currently one of the most frequently employed types of malware in cyber attacks. Many government and non-government organizations are becoming victims of such attacks as employees are targeted for their credentials.

The main objective of this malware is to acquire confidential and sensitive data, consisting of users' official names, passwords of their systems, and financial information.

Credential theft malware can cause destruction to a computer system and its network. Threat actors do not just use this malware to steal passwords, but also to delete files and render computers inoperable. Malware infections can in turn cause many problems that affect the daily operations and long-term security of affected organizations.

The Oski stealer is a credential stealer that was first reported in November 2019. As the name suggests, the Oski stealer works as a big information stealer, taking personal and sensitive information from its victims. The name ‘Oski’ is derived from an old Nordic word meaning ‘Viking warrior’, which is quite fitting considering this popular info-stealer is extremely effective at pillaging privileged information from its targets.

As per the sources, “the ‘Oski stealer’ is a classic information stealer platform that is being sold on Russian underground hacking forums at a low price of $70-$100. The stealer is written in C++ and it has all the typical features of credential theft malware.”

According to the research, ‘Oski’ targets sensitive information including: 

• Login credentials from different applications
• System information
• Browser information (cookies, autofill data, and credit cards)
• Screenshots
• Crypto wallets
• Different user files

Besides, the stealer can also work as a Downloader to download a second-stage malware with modification ..