Articles Password thief BlackGuard gaining popularity on hacker forums

Password thief BlackGuard gaining popularity on hacker forums


The attention of information security specialists was attracted by a new malicious software for stealing information, BlackGuard. The malware is sold on numerous marketplaces and dark web forums for $700 for a lifetime license or $200 per month.

Analysts at Zscaler  have already studied the malware that became popular after the unexpected shutdown of competing malware Raccoon Stealer. In turn, Bleeping Computer reports that BlackGuard was first seen on Russian-language hack forums in January 2022, but then it was distributed privately and was at the testing stage.

Like other modern infostealers, BlackGuard steals data from almost any application that processes sensitive user data, with a focus on cryptocurrencies. In an infected system, BlackGuard looks for the following applications, trying to steal user data from them:

  • Browsers : passwords, cookies, autofill and history from Chrome, Opera, Firefox, MapleStudio, Iridium, 7Star, CentBrowser, Chedot, Vivaldi, Kometa, Elements Browser, Epic Privacy Browser, uCozMedia, Coowon, liebao, QIP Surf, Orbitum, Comodo , Amigo, Torch, Comodo, 360Browser, Maxthon3, K-Melon, Sputnik, Nichrome, CocCoc, Uran, Chromodo, Edge, BraveSoftware.
  • Browser Wallets : Binance, coin98, Phantom, Mobox, XinPay, Math10, Metamask, BitApp, Guildwallet, iconx, Sollet, Slope Wallet, Starcoin, Swash, Finnie, KEPLR, Crocobit, OXYGEN, Nifty, Liquality, Auvitas wallet, Math wallet, MTV wallet, Rabet wallet, Ronin wallet, Yoroi wallet, ZilPay wallet, Exodus, Terra Station, Jaxx.
  • Cryptocurrency wallets : AtomicWallet, BitcoinCore, DashCore, Electrum, Ethereum, Exodus, LitecoinCore, Monero, Jaxx, Zcash, Solar, Zap, AtomicDEX, Binance, Frame, TokenPocket, Wassabi.
  • Email : Outlook.
  • Messengers : Telegram, Signal, Tox, Element, Pidgin, Discord.
  • Other : NordVPN, OpenVPN, ProtonVpn, Totalcommander, Filezilla, WinSCP, Steam.

The information collected from the victim is packaged in a ZIP file and sent to the attackers’ C&C server via a POST request, along with a system profile report that assigns a unique identifier to the victim’s equipment.

In terms of evading BlackGuard security solutions are still under development, but some mechanisms to avoid detection and analysis are already in place. So, the malware is packaged using a crypter, and the code is obfuscated using base64. Also, any antiviruses in the system are successfully detected by a malicious program that tries to kill their processes and stop their work.

In addition, BlackGuard checks the victim’s IP address, and if the victim works from the territory of Russia or the CIS countries, then the malware stops and exits.

Daria Romana Pop, Threat Analyst at KELA, shared her thoughts on BlackGuard with Bleeping Computer:

“The BlackGuard stealer was launched in early 2021, and cybercriminals are constantly testing the capabilities of such malicious tools and are not shy about demanding [developers] quality upgrades and other improvements. KELA has come across several threads where users have complained about BlackGuard not being able to properly avoid detection. As in any other business, the developers promised them to release an updated version as soon as possible.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you