New BlackGuard infostealer examined

Threat actors have been trading a new infostealer dubbed "BlackGuard" on Russian underground forums, ZDNet reports. BlackGuard, which is offered for a monthly fee of $200 or a lifetime subscription of $700, is a "sophisticated" malware that can exfiltrate information such as saved browser credentials and history, FTP accounts, email client data, autofill content, cryptocurrency credentials, and conversations in messenger software including Element, Discord, Tox, Telegram, and Signal, a Zscaler report revealed. Researchers found that the malware also targets wallet.dat files to steal cryptocurrency wallet addresses and private keys. However, BlackGuard stops exfiltration activities upon detecting operating systems from Russia, Azerbaijan, Belarus, and other countries in the Commonwealth of Independent States. "While applications of BlackGuard are not as broad as other stealers, BlackGuard is a growing threat as it continues to be improved and is developing a strong reputation in the underground community," said researchers.
