Threat actors have been trading the new infostealer malware dubbed "BlackGuard" on Russian underground forums, ZDNet reports.
BlackGuard, which is being offered for a monthly fee of $200 or a lifetime subscription of $700, is a "sophisticated" malware that could exfiltrate information such as saved browser credentials and history, FTP accounts, email client data, autofill content, cryptocurrency credentials, and conversations in different messenger software, including Element, Discord, Tox, Telegram, and Signal, a Zscaler report revealed.
Researchers found that the malware also targets wallet.dat files to steal cryptocurrency wallet addresses and private keys. However, BlackGuard stops exfiltration activities upon detecting operating systems from Russia, Azerbaijan, Belarus, and other countries in the Commonwealth of Independent States.
"While applications of BlackGuard are not as broad as other stealers, BlackGuard is a growing threat as it continues to be improved and is developing a strong reputation in the underground community," said researchers.