A new information-stealing malware known as BlackGuard has been discovered and is being sold across multiple cybercrime forums for $700 for lifetime access or $200 a month by subscription. The stealer can collect sensitive information from a broad range of applications, pack everything into a ZIP archive, and send it to the command-and-control (C2) server of the Malware-as-a-Service (MaaS) operation. The purchaser also gets access to a BlackGuard web panel to retrieve the stolen logs, which they can then use themselves or sell for profit. According to Zscaler, use of the malware has spiked since the shutdown of Raccoon Stealer. Researchers have been able to find samples of BlackGuard being advertised since January 2022.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased