Password Stealing BlackGuard Malware Sold In Russian Hacking Forum Targets A Ton Of Apps

Over the past year, the spread of malware-as-a-service has driven significant growth in ransomware, phishing, and information-theft attacks. Recently, Zscaler ThreatLabz researchers came across "BlackGuard," a sophisticated information stealer advertised for sale on Russian hacking forums at $700 for a lifetime license or $200 per month. That low price and easy availability could let a thrifty threat actor loot thousands of cryptocurrency wallets, bank accounts, and much more with little to no work of their own.

Researchers on the Zscaler ThreatLabz team stumbled upon the rising BlackGuard stealer while browsing hacking forums during their research. The popular, yet relatively new, software warranted investigation, and what they found is quite impressive. The researchers explain that BlackGuard first looks for and kills processes related to antivirus products and sandboxes, which can hinder analysts trying to investigate the malware. It then checks whether it is running on a computer in the Commonwealth of Independent States (CIS), which includes countries like Russia and Ukraine, a common pattern among stealers sold on Russian-language forums. If it is not, the malware collects information from the hardcoded installation paths of browsers like Chrome and Firefox, cryptocurrency wallets and wallet browser extensions, email clients, and other applications like Discord.
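
The two behaviours described above, killing security tooling and then sweeping well-known credential-store paths, are exactly what an endpoint detection can key on, and they only show up on hosts outside the CIS. The script below is an added example written for this article, not BlackGuard's code and not Zscaler's detection logic. The process-name list, the file paths, and the pipe-delimited log format are assumptions made for illustration; the sample telemetry is constructed, and the idea is to flag only a process that does both things, so a browser reading its own password store or a user closing a program does not trip it.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Tuple


class Event(NamedTuple):
    ts: str       # timestamp (opaque here)
    kind: str     # "TERMINATE" (source killed target) or "FILE_READ" (source read target)
    source: str   # image name of the acting process, lower-cased
    target: str   # terminated process name, or path of the file read


# Assumed names of antivirus, sandbox and analysis processes a stealer might kill
# before it runs. Illustrative list; the article does not give BlackGuard's real one.
SECURITY_TOOLS = {"msmpeng.exe", "procmon.exe", "wireshark.exe", "x64dbg.exe", "vboxservice.exe"}

# Assumed default locations of credential stores under a user profile: Chrome's
# saved logins, Chrome extension storage (where wallet extensions keep state),
# Firefox's logins.json and Discord's local storage.
SENSITIVE_PATHS = [
    re.compile(r"\\google\\chrome\\user data\\[^\\]+\\login data$", re.I),
    re.compile(r"\\google\\chrome\\user data\\[^\\]+\\local extension settings\\", re.I),
    re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\logins\.json$", re.I),
    re.compile(r"\\discord\\local storage\\leveldb\\", re.I),
]

# Constructed telemetry for this example, not real logs. Format: ts|kind|source|target
SAMPLE_LOG = """\
# invoice.exe kills two analysis tools, then sweeps three credential stores
10:00:01|TERMINATE|invoice.exe|procmon.exe
10:00:01|TERMINATE|invoice.exe|x64dbg.exe
10:00:02|FILE_READ|invoice.exe|C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
10:00:02|FILE_READ|invoice.exe|C:\\Users\\bob\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k3x.default\\logins.json
10:00:03|FILE_READ|invoice.exe|C:\\Users\\bob\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\000003.log
# benign: the browser reading its own store, Task Manager closing an editor
10:00:05|FILE_READ|chrome.exe|C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
10:00:07|TERMINATE|taskmgr.exe|notepad.exe
"""


def parse_events(lines: Iterable[str]) -> List[Event]:
    """Parse pipe-delimited lines, skipping blanks and '#' comments."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, kind, source, target = line.split("|", 3)
        events.append(Event(ts, kind, source.lower(), target))
    return events


def is_sensitive(path: str) -> bool:
    """True if the path is one of the assumed credential-store locations."""
    return any(p.search(path) for p in SENSITIVE_PATHS)


def score_processes(events: Iterable[Event]) -> Dict[str, Tuple[int, int]]:
    """Per source process: (distinct security tools killed, distinct credential stores read)."""
    kills = defaultdict(set)
    reads = defaultdict(set)
    sources = set()
    for ev in events:
        sources.add(ev.source)
        if ev.kind == "TERMINATE" and ev.target.lower() in SECURITY_TOOLS:
            kills[ev.source].add(ev.target.lower())
        elif ev.kind == "FILE_READ" and is_sensitive(ev.target):
            reads[ev.source].add(ev.target.lower())
    return {s: (len(kills[s]), len(reads[s])) for s in sources}


def flag_stealers(events: Iterable[Event], min_kills: int = 1, min_reads: int = 2) -> List[str]:
    """Flag processes showing BOTH behaviours; either one alone is routinely benign."""
    scores = score_processes(events)
    return sorted(s for s, (k, r) in scores.items() if k >= min_kills and r >= min_reads)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG.splitlines())
    for proc, (k, r) in sorted(score_processes(evs).items()):
        print(f"{proc:14s} tools_killed={k} stores_read={r}")
    print("flagged:", flag_stealers(evs))
```

On the constructed sample only invoice.exe is flagged: it kills two tools and reads three stores, while chrome.exe reading its own Login Data and taskmgr.exe ending notepad.exe each touch one counter only. In a real deployment the process-termination and file-read events would come from an EDR or Sysmon feed and the path list would be extended to whichever wallets and clients your users actually run.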

(Screenshot: BlackGuard dashboard)

Despite its capabilities, the Zscaler team also reports that BlackGuard does not target as wide a range of applications as some other stealers, but it has grown as a threat because "it continues to be improved and is developing a strong reputation in the underground community." Administrators and security teams can reduce the risk with good password hygiene and multi-factor authentication, which limits what an attacker can do with any saved passwords the stealer harvests, and by instructing users not to visit unknown sites or open unknown files.

(Screenshot: BlackGuard forum listing)

In any event, the rise of malware-as-a-service, and the ease with which a threat actor can now target people, is quite concerning. However, BlackGuard has some recognized weaknesses, which will hopefully help defenders and antivirus programs detect and nuke the malware before it becomes a larger problem.