New BlackGuard infostealer sold on underground forums for $200

April 6, 2022

A new infostealer dubbed BlackGuard has been found for sale on a Russian dark web forum at $200 for a monthly subscription. Researchers describe it as a sophisticated malware strain.

Infostealers of this kind are built to harvest data such as system information, screenshots, sensitive credentials, contact lists, network traffic, and banking and financial data. An array of malware, exploit kits, and other malicious software is offered in underground marketplaces, where cybercriminals gather to buy their attack tools.

BlackGuard's developers offer it on a subscription or lifetime basis: buyers can purchase it for $200 per month or $700 for unlimited use.

This new infostealer can steal its victims’ sensitive data, such as browser histories and credentials, FTP accounts, chat application conversation logs, autofill data, email client data, cryptocurrency funds, and other information useful to the threat actors. Based on an analysis, the social messenger applications targeted by this infostealer include Discord, Telegram, Tox, Element, and Signal.

For cryptocurrency theft, BlackGuard is designed to target the wallet.dat file on the victim's system, which contains wallet addresses and private keys. Because the infostealer is fortified with a crypto-based packer, anti-debugging tools, base64 decoding, and obfuscation, reverse-engineering it might be a challenging task for analysts.

The infostealer could also stop antivirus or sandboxing software by checking the operating system's processes upon landing on a targeted computer. Nonetheless, the malware is selective in its targets: it avoids systems from Russia, Azerbaijan, Belarus, or any Commonwealth of Independent States (CIS) country.

Researchers explained that despite the BlackGuard infostealer’s limited capabilities, it would continue to grow as a threat and soon develop a strong reputation in the cybercrime landscape. This impression is based on how infostealers can work independently or be paired with other malware strains, such as ransomware or trojans, to make attacks more effective.
