Meet BlackGuard: a new infostealer peddled on Russian hacker forums

Researchers have uncovered a new infostealer malware being peddled in Russian underground forums.

Dubbed BlackGuard, zScaler says that the new malware strain is "sophisticated" and has been made available to criminal buyers for a monthly price of $200.

Infostealers are forms of malware designed to harvest valuable data, potentially including operating system information, contact lists, screenshots, web traffic, and online account credentials, including those used to access financial services and banking.

A range of malicious software and exploit kits are sold every day underground, some of which are purchased outright. In contrast, others are offered on a malware-as-a-service (MaaS) basis: subscribers pay on a weekly, monthly, or yearly basis, and the developer keeps their malicious creations updated in return.

Perhaps to build a customer base for this malware, or to generate cash quickly, BlackGuard is also being sold for $700 in exchange for a lifetime subscription.

[Screenshot: zScaler]

According to the cybersecurity researchers, BlackGuard can steal information including saved browser credentials and history, email client data, FTP accounts, autofill content, conversations in messenger software, cryptocurrency credentials, and other account information. Messengers targeted include Telegram, Signal, Tox, Element, and Discord.

When it comes to cryptocurrency theft, the malware will target files such as wallet.dat that may contain wallet addresses and private keys. BlackGuard may also go after Chrome and Edge cryptocurrency wallet browser extensions.

Written in .NET, the infostealer is still in active development but is already equipped with a crypto-based packer, base64 decoding, obfuscation, and anti-debugging capabilities to make reverse-engineering more difficult.

Once it lands on a vulnerable machine, the malware will also check the operating system's processes and will attempt to stop any activities related to antivirus software or sandboxing.

The infostealer is also selective when it comes to its targets. For example, the malware will exit if the OS appears to be located in a CIS country, such as Russia, Belarus, or Azerbaijan.

If an exit isn't necessary, the infostealer then grabs all of the information it can, packages it up into a .zip archive, and sends it to a command-and-control (C2) server through a POST request.

"While applications of BlackGuard are not as broad as other stealers, BlackGuard is a growing threat as it continues to be improved and is developing a strong reputation in the underground community," the researchers say.

Infostealers can be used on their own or packaged up with other forms of malware, such as Trojans or ransomware variants.

In other malware news, researchers from Aqua Security have recently uncovered a new strain of ransomware designed to target Jupyter Notebook environments.
