Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

A previously undocumented “sophisticated” information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200.

“BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients,” Zscaler ThreatLabz researchers Mitesh Wani and Kaivalya Khursale said in a report published last week.

Also sold for a lifetime price of $700, BlackGuard is designed as a .NET-based malware that’s actively under development, boasting a number of anti-analysis, anti-debugging, and anti-evasion features that allow it to kill processes related to antivirus engines and bypass string-based detection.

What’s more, it checks the IP address of the infected device by sending a request to the domain “https://ipwhois[.]app/XML/,” and exits if the country is one of the Commonwealth of Independent States (CIS).
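As an added defender-side illustration (not code from the Zscaler report or the malware itself), the following Python hunt scans constructed proxy-log lines for outbound requests to the geolocation endpoint named above, which is one place proxy or host telemetry can surface this pre-execution check. The log format, field names, host names and process names are assumptions.

```python
import re
from typing import Dict, List

# Geolocation endpoint the report says BlackGuard queries before deciding to run.
# A match in proxy telemetry is a hunting lead, not proof of infection: the
# service itself is legitimate and may be queried by benign software.
GEOIP_PATTERN = re.compile(r"^https?://ipwhois\.app/XML/", re.IGNORECASE)

# Constructed sample proxy-log lines (assumed format: timestamp host process url).
SAMPLE_PROXY_LOG = """\
2024-01-01T10:00:01Z host-a chrome.exe https://example.com/
2024-01-01T10:00:05Z host-b updater.exe https://ipwhois.app/XML/
2024-01-01T10:00:09Z host-c firefox.exe https://ipwhois.app/json/
2024-01-01T10:00:12Z host-b updater.exe https://ipwhois.app/XML/
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one assumed-format proxy-log line into its four fields."""
    ts, host, process, url = line.split(maxsplit=3)
    return {"ts": ts, "host": host, "process": process, "url": url}


def find_geoip_checks(log_text: str) -> List[Dict[str, str]]:
    """Return records whose URL hits the XML geolocation endpoint from the report."""
    hits = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        rec = parse_line(raw)
        if GEOIP_PATTERN.match(rec["url"]):
            hits.append(rec)
    return hits


def hosts_to_triage(log_text: str) -> List[str]:
    """Distinct hosts (sorted) that made the check, for analyst follow-up such as
    confirming the requesting process and looking for the AV-killing behaviour."""
    return sorted({rec["host"] for rec in find_geoip_checks(log_text)})
```

The `/json/` request on host-c is deliberately left unmatched so the hunt stays tied to the exact path the report names; widen the pattern only if your own telemetry shows the sample using other paths.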

BlackGuard’s extensive functionality means it can amass information stored in browsers, such as passwords, cookies, autofill data, browsing history, 17 different cold cryptocurrency wallets, and as many as six messaging apps, including Read more:
