Zscaler ThreatLabz researchers have discovered sophisticated new info stealing malware available as malware-as-a-service on Russian hacking forums.
In a report published last week, Zscaler researchers Mitesh Wani and Kaivalya Khursale explained the functionalities and capabilities of new info stealer malware on the block, which they have dubbed BlackGuard.
According to their analysis, this malware is up for sale on several Russian underground forums at a monthly subscription fee of $200, and a lifetime subscription costs $700.
Researchers revealed that BlackGuard could steal all types of information from a device, including VPN, crypto wallets, installed Messengers, browser credentials saved on the device, FTP credentials, and email clients.
This means the malware can collect sensitive data, such as cookies, passwords, browsing history, and autofill data. Moreover, it can collect information from seventeen different crypto wallets and at least six messaging apps, including Tox, Signal, Discord, Telegram, Element, and Pidgin.
Additionally, the malware can target around 21 cryptocurrency wallet extensions installed in Edge, Chrome, and Gecko-based browsers, as well as three VPN applications – OpenVPN, NordVPN, and ProtonVPN. It compresses the stolen data into a ZIP archive and sends it to a remote server.
BlackGuard is Still Under Development
In a blog post, researchers state that BlackGuard is currently under active development. The malicious information stealer is designed as a .NET-based malware and boasts anti-analysis, anti-debugging, and anti-evasion capabilities.
Through these features, the malware can kill the processes of antivirus engines and even evade string-based detection. It checks the infected device’s IP address by sending a request to a domain (hipwhoisapp/xml/) and exits if the device is located in a Commonwealth of Independent States (CIS) country. Though the malware’s application is somewhat limited, researchers claim it to be a “growing threat.”
While applications of BlackGuard are not as broad as other stealers, BlackGuard is a growing threat as it continues to be improved and is developing a strong reputation in the underground community.
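The behaviours described above (a geolocation lookup of the host's own IP before running, termination of antivirus processes, and exfiltration of a ZIP archive) are a useful correlation target for endpoint telemetry. The following script is an added example of that kind of behavioural triage; it is not Zscaler's code and not a rule from their report. The log format, the geolocation hostname, the antivirus process name, the IP addresses and the file paths are all constructed for the example.

```python
"""Correlate BlackGuard-style stealer behaviours in endpoint telemetry.

Added illustrative example, not code from the Zscaler report. It flags a
process that shows at least two of three behaviours the article attributes
to BlackGuard: looking up its own IP via a geolocation service, killing a
security-product process, and sending a ZIP archive to a remote host.
"""
import re
from collections import defaultdict

# Constructed telemetry lines: "<ts> <host> pid=<n> event=<type> key=value ..."
# (hostnames, process names, IPs and paths are placeholders, not real IoCs).
SAMPLE_EVENTS = r"""
2022-03-30T10:00:01Z ws01 pid=4120 event=dns_query name=geoip-lookup.example
2022-03-30T10:00:02Z ws01 pid=4120 event=process_kill target=av-engine.exe
2022-03-30T10:00:05Z ws01 pid=4120 event=file_create path=C:\Users\u\AppData\Local\Temp\out.zip
2022-03-30T10:00:06Z ws01 pid=4120 event=net_send dest=198.51.100.7 path=C:\Users\u\AppData\Local\Temp\out.zip
2022-03-30T10:01:00Z ws01 pid=5001 event=dns_query name=updates.example
2022-03-30T10:01:01Z ws01 pid=5001 event=net_send dest=203.0.113.9 path=C:\Users\u\report.pdf
"""

# Placeholder watchlists (assumptions): a defender would populate these from
# the report's indicators and the security products deployed in their fleet.
GEO_LOOKUP_SERVICES = {"geoip-lookup.example"}
AV_PROCESS_NAMES = {"av-engine.exe"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) pid=(?P<pid>\d+) event=(?P<event>\S+)(?P<rest>.*)$"
)


def parse_event(line):
    """Parse one telemetry line into a dict, or return None if it does not match.

    Key=value fields are whitespace separated, so paths with spaces are not
    supported by this toy format.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {}
    for kv in m.group("rest").split():
        key, _, value = kv.partition("=")
        fields[key] = value
    fields.update(ts=m.group("ts"), host=m.group("host"),
                  pid=int(m.group("pid")), event=m.group("event"))
    return fields


def classify(ev):
    """Map one parsed event to the stealer behaviour it matches, or None."""
    kind = ev["event"]
    if kind == "dns_query" and ev.get("name", "").lower() in GEO_LOOKUP_SERVICES:
        return "geo_lookup"
    if kind == "process_kill" and ev.get("target", "").lower() in AV_PROCESS_NAMES:
        return "av_kill"
    if kind == "net_send" and ev.get("path", "").lower().endswith(".zip"):
        return "zip_upload"
    return None


def triage(log_text, min_behaviours=2):
    """Return {(host, pid): [behaviours]} for processes showing enough behaviours.

    Requiring two or more correlated behaviours keeps a lone geolocation
    lookup (common in legitimate software) from raising an alert on its own.
    """
    seen = defaultdict(set)
    for line in log_text.strip().splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        behaviour = classify(ev)
        if behaviour:
            seen[(ev["host"], ev["pid"])].add(behaviour)
    return {key: sorted(vals) for key, vals in seen.items() if len(vals) >= min_behaviours}


if __name__ == "__main__":
    for (host, pid), behaviours in triage(SAMPLE_EVENTS).items():
        print(f"ALERT {host} pid={pid}: {', '.join(behaviours)}")
```

Running the script prints one alert for pid 4120 on ws01 with all three behaviours, while pid 5001 (a DNS query to an unrelated host and an upload of a PDF) stays silent. The threshold of two behaviours is a deliberate trade-off: a single geolocation lookup is too common to act on, but a lookup followed by a security-process kill or an archive upload from the same process is worth a response.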