A nasty new malware strain has recently been spotted in the wild by researchers at zScaler.
Dubbed “BlackGuard” the malicious code has been found on a variety of Russian underground Blackhat forums. It is offered as a service and anyone criminally-minded can access the code for the bargain price of just $200 a month.
Because the malware is quite new the yet unknown authors are also selling lifetime subscriptions for just $700 in a bid to rapidly grow the code’s user base and get their name circulating in the global hacking community.
BlackGuard isn’t an inherently destructive form of malware. It is classified as an Infostealer and its main purpose is to harvest as much valuable information as possible when it lands on a target system.
Most Infostealers tend to be somewhat generalized while siphoning up data ranging from OS details, network traffic statistics, users’ contact lists, and of course, harvesting various login credentials (with a preference for account details users use to log into various financial institutions). BlackGuard’s focus is a bit different.
zScaler reports that this code steals any login credentials stored in whatever web browser the user has along with that user’s browsing history, email client data, any autofill content, and all conversations in messenger software.
In addition to that, it also targets login credentials and other account information for popular Messengers including Tox, Element, Discord, Signal, and Telegram. If that wasn’t bad enough, BlackGuard is also designed to pilfer cryptocurrency wallet information including wallet browser extensions for both Microsoft Edge and Google Chrome.
The zScaler team remarked that although BlackGuard’s capabilities are not yet as broad-based as many Infostealers, the malicious code is extremely well-designed. It’s clear that the developers know what they’re doing, and they seem to have a well-crafted plan to grow the popularity of their new creation.
Keep an eye on this one. We’re almost certain to hear more about it in the months ahead.