BlackGuard, a New Info-Stealer, for Sale on Russian Hacking Forums
A “Sophisticated” Malware with Obfuscation and Anti-Debugging Capabilities.
A new info-stealer malware dubbed BlackGuard has been identified by security analysts. According to the researchers who discovered it, it is being put up for sale on Russian hacking forums.
BlackGuard Advertised for Sale
The Zscaler experts who published a report on this topic describe the malware as “sophisticated”; its monthly price on underground forums rises to no less than $200.
While recently perusing one of these hacking forums during regular research activities, the Zscaler ThreatLabz team came across BlackGuard, a sophisticated stealer, advertised for sale. Blackguard is currently being sold as malware-as-a-service with a lifetime price of $700 and a monthly price of $200. BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients.
How Does BlackGuard Work?
According to the experts’ analysis, the BlackGuard malware targets files like wallet.dat for cryptocurrency theft purposes. These types of wallets may contain wallet addresses and private keys. What’s more, Chrome and Edge extensions for crypto wallets can become targets too.
BlackGuard, which is written in .NET, is currently under active development. However, it already has the following functionalities:
- Base64 encoding;
- A crypto-based packer.
Put together, these capabilities hinder reverse-engineering analysis.
Once it has landed on a vulnerable workstation, the malware will also inspect the operating system’s processes and try to block any actions linked to antivirus software or sandboxing.
What Are Blackguard Targets?
According to ZDNet, if the OS appears to be in a CIS country, such as Russia, Belarus, or Azerbaijan, the malware will remove itself and exit.
If an exit isn’t required, the infostealer gathers all available data, compresses it into a .zip archive, and delivers it to a command-and-control (C2) server via a POST request.
While BlackGuard’s capabilities are not as broad as those of other stealers, BlackGuard is a growing threat as it continues to be improved and is developing a strong reputation in the underground community.
How to Combat BlackGuard
The experts advise security teams to perform traffic analysis and employ malware-prevention tools, such as antivirus and sandboxing, to mitigate BlackGuard. They also recommend that end-users use unique passwords for the services they access and change them on a regular basis, implement multi-factor authentication, and stay away from unknown sites and suspicious files.
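The traffic-analysis recommendation above can be turned into a concrete detection for the exfiltration step described earlier (all collected data zipped and sent to the C2 server in a single POST). The following is an added example written for this article, not code from Zscaler, ZDNet or Heimdal. It assumes a TLS-inspecting proxy that logs each request as one line of constructed fields (timestamp, source IP, method, host, path, content length, and the hex of the first bytes of the request body) and flags large POST bodies that start with the ZIP local-file-header magic and go to a destination not on the organisation’s allow-list. The log format, the allow-list, the size threshold and all sample values are assumptions for the example.

```python
"""Flag BlackGuard-style exfiltration: a POST whose body is a .zip archive,
sent to a host the organisation does not normally upload archives to.

Added example for this article (not Zscaler's, ZDNet's or Heimdal's code).
Constructed log format, one request per line, fields separated by ' | ':
    timestamp | src_ip | method | host | path | content_length | body_prefix_hex
body_prefix_hex is the hex of the first bytes of the request body, as a
body-sampling, TLS-inspecting proxy might record it (assumed format).
"""
import ipaddress
from dataclasses import dataclass

ZIP_MAGIC = b"PK\x03\x04"   # local-file header that starts every ZIP archive
MIN_EXFIL_BYTES = 1024       # assumed threshold: ignore tiny POSTs (logins, pings)


@dataclass
class Request:
    timestamp: str
    src_ip: str
    method: str
    host: str
    path: str
    content_length: int
    body_prefix: bytes


def parse_line(line: str) -> Request:
    """Parse one constructed proxy log line into a Request."""
    ts, src, method, host, path, length, prefix_hex = [f.strip() for f in line.split("|")]
    return Request(ts, src, method.upper(), host.lower(), path,
                   int(length), bytes.fromhex(prefix_hex))


def is_zip_body(req: Request) -> bool:
    """True if the sampled body bytes begin with the ZIP magic."""
    return req.body_prefix.startswith(ZIP_MAGIC)


def is_bare_ip(host: str) -> bool:
    """C2 traffic often goes straight to an IP rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def detect_zip_exfil(lines, allowlist):
    """Return one alert dict per suspicious archive upload in the log lines."""
    allow = {h.lower() for h in allowlist}
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        req = parse_line(line)
        if req.method != "POST" or not is_zip_body(req):
            continue                      # only archive uploads are of interest
        if req.content_length < MIN_EXFIL_BYTES:
            continue                      # too small to carry a stolen data set
        if req.host in allow:
            continue                      # known, sanctioned archive destination
        reasons = ["zip archive in POST body", "destination not allow-listed"]
        if is_bare_ip(req.host):
            reasons.append("destination is a bare IP address")
        alerts.append({"timestamp": req.timestamp, "src_ip": req.src_ip,
                       "host": req.host, "bytes": req.content_length,
                       "reasons": reasons})
    return alerts


# Constructed sample log; hosts and addresses are documentation/example values.
SAMPLE_LOG = [
    "2022-03-30T10:01:02Z | 10.0.0.15 | GET  | www.example-intranet.local | /index.html  | 0      | ",
    "2022-03-30T10:02:11Z | 10.0.0.15 | POST | files.corp.example         | /upload      | 204800 | 504b0304",
    "2022-03-30T10:03:45Z | 10.0.0.15 | POST | 203.0.113.77               | /api/gate.php| 183290 | 504b0304",
    "2022-03-30T10:04:01Z | 10.0.0.22 | POST | login.corp.example         | /auth        | 312    | 75736572",
    "2022-03-30T10:05:30Z | 10.0.0.22 | POST | cdn-update.example.net     | /p           | 91022  | 504b0304",
]
ALLOWLIST = ["files.corp.example", "www.example-intranet.local"]  # assumed

if __name__ == "__main__":
    for alert in detect_zip_exfil(SAMPLE_LOG, ALLOWLIST):
        print(alert)
```

Of the five constructed requests, only the two archive uploads to non-allow-listed hosts are reported; the sanctioned upload and the small login POST are not. The check depends on the proxy seeing request bodies, so it is blind to traffic that bypasses inspection, and the allow-list must be kept current or legitimate archive uploads will generate noise.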
How Can Heimdal™ Help?
If you’re curious to find out more about Heimdal’s suite, you’ll see we have a broad range of efficient security solutions.
Use our award-winning Threat Prevention, named Best Cloud-Delivered Security Solution in 2021, to efficiently protect your company’s DNS governance setup, as threats at the domain name system level are so frequent nowadays. You can also use Heimdal Next-Gen Antivirus to proactively detect sophisticated online threats.