A new information stealing malware known as BlackGuard has been discovered and is being sold across multiple cybercrime forums for a $700 lifetime access price or a subscription of $200 a month. The stealer can snatch sensitive information from a broad range of applications, pack everything in a ZIP archive and send it to the Command-and-Control (C2) server of the Malware-as-a-Service (MaaS) operation. The purchaser also gets access to a BlackGuard web panel to retrieve the stolen logs and then they can either use them themselves or sell them for profit. According to ZScaler, the malware use has spiked since the shutdown of Raccoon Stealer. Researchers have been able to find samples of BlackGuard being advertised since January 2022.
The use of information stealing malware has been on the rise. The shutdown of Raccoon Stealer opened a gap for other MaaS operators to launch their operations. Like many information stealing malware variants, BlackGuard comes with features designed to evade detection and according to researchers, more features are to come. Organizations should remind users to always be cautious of any unknown websites they are visiting or that are sent to them in email, and that they should avoid downloading unknown files.