Sophisticated BlackGuard information-stealing malware is being sold on Russian hacking forums for a monthly subscription of $200.
According to ThreatLabz researchers Mitesh Wani and Kaivalya Khursal, the BlackGuard malware is capable of stealing information from crypto wallets, VPNs, messengers and email clients, as well as FTP credentials and saved browser credentials.
BlackGuard is still under active development and offers a number of anti-analysis, anti-debugging and detection-evasion features that let it kill processes belonging to antivirus engines and bypass string-based detection. A lifetime subscription to BlackGuard costs $700.
The malware checks the IP address of the infected device by sending a request to the domain “https://ipwhois[.]app/xml/” and terminates if the country is one of the Commonwealth of Independent States (CIS).
It steals information stored in browsers, including passwords, cookies, autofill data, and browsing history. Its reach extends to 17 different cold cryptocurrency wallets and six messaging apps: Telegram, Signal, Tox, Element, Pidgin, and Discord. The malware also targets 21 crypto wallet extensions installed in the Chrome and Edge browsers and three VPN apps: NordVPN, OpenVPN, and ProtonVPN. The collected information is compressed into a ZIP file and exfiltrated to a remote server.
Earlier, Morphisec shared details of another info-stealer family called Mars, which leverages fraudulent Google Ads for well-known software such as OpenOffice to distribute the malware.
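The two behaviours described above (a public IP-geolocation lookup followed by a ZIP upload) give a defender a simple correlation rule. The following is an added example, not code from the article or from ThreatLabz; the proxy log format, the sample lines and the 30-minute correlation window are assumptions.

```python
"""Flag clients whose proxy logs show a lookup of the IP-geolocation API
(ipwhois.app/xml, the domain named in the article) followed within a short
window by a ZIP upload to an outside host. Log format is constructed."""
from datetime import datetime, timedelta

GEO_HOST = "ipwhois.app"          # domain quoted in the article
WINDOW = timedelta(minutes=30)    # assumed correlation window

def parse(line):
    # Constructed format: "<ISO time> <client> <method> <url> <content-type> <bytes>"
    ts, client, method, url, ctype, nbytes = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "url": url, "ctype": ctype, "bytes": int(nbytes)}

def host_of(url):
    # Strip the scheme and path, keep only the host part, lower-cased.
    return url.split("//", 1)[-1].split("/", 1)[0].lower()

def find_suspicious(lines):
    """Return {client: (geo_url, upload_url)} for clients matching the pattern."""
    last_geo = {}   # client -> (time, url) of its most recent geolocation lookup
    hits = {}
    for rec in sorted(map(parse, lines), key=lambda r: r["ts"]):
        host = host_of(rec["url"])
        if host == GEO_HOST and "/xml" in rec["url"]:
            last_geo[rec["client"]] = (rec["ts"], rec["url"])
            continue
        geo = last_geo.get(rec["client"])
        # A ZIP POST shortly after the lookup matches the stealer's exfil sequence.
        if (geo and rec["method"] == "POST" and rec["ctype"] == "application/zip"
                and rec["ts"] - geo[0] <= WINDOW):
            hits[rec["client"]] = (geo[1], rec["url"])
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2022-03-31T10:00:05 10.0.0.12 GET https://ipwhois.app/xml/ text/xml 412",
    "2022-03-31T10:00:41 10.0.0.12 POST http://203.0.113.7/upload application/zip 184320",
    "2022-03-31T10:02:00 10.0.0.20 GET https://ipwhois.app/xml/ text/xml 410",
    "2022-03-31T10:05:00 10.0.0.20 GET https://example.org/ text/html 2048",
    "2022-03-31T11:00:00 10.0.0.31 POST https://example.org/api application/zip 5000",
]

if __name__ == "__main__":
    for client, (geo, upload) in find_suspicious(SAMPLE_LOG).items():
        print(f"{client}: geolocation lookup {geo} then ZIP upload to {upload}")
```

Only the first client is flagged: the second never uploads a ZIP and the third uploads one without a preceding geolocation lookup.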
The researchers added, “While applications of BlackGuard are not as broad as other stealers, BlackGuard is a growing threat as it continues to be improved and is developing a strong reputation in the underground community.”