BlackGuard, a new information-stealing malware, is becoming increasingly popular on hacker forums, where it can be purchased for a one-time price of $700 or rented for $200 per month.
The infostealer is capable of stealing sensitive data from various applications. The malware packs the stolen information into a ZIP archive and sends it to the cybercriminals' C&C server.
Hackers who subscribe to BlackGuard are given access to a web panel where they can receive stolen data and then use it themselves or sell it to other cybercriminals.
BlackGuard first appeared on Russian-language hacker forums in January 2022, but was distributed only privately for testing. The malware was then discovered and studied by Zscaler specialists, who drew attention to the sudden jump in its popularity, especially after the shutdown of Raccoon Stealer.
BlackGuard steals passwords, cookies, form autofill data and browsing history from Chrome, Opera, Firefox, MapleStudio, Iridium, 7Star, CentBrowser, Chedot, Vivaldi, Kometa, Elements Browser, Epic Privacy Browser, uCozMedia, Coowon, liebao, QIP Surf, Orbitum, Comodo, Amigo, Torch, 360Browser, Maxthon3, K-Melon, Sputnik, Nichrome, CocCoc, Uran, Chromodo, Edge and BraveSoftware.
BlackGuard also steals data from the Binance, coin98, Phantom, Mobox, XinPay, Math10, Metamask, BitApp, Guildwallet, iconx, Sollet, Slope Wallet, Starcoin, Swash, Finnie, KEPLR, Crocobit, OXYGEN, Nifty, Liquidity, Auvitas, Math, MTV, Rabet, Ronin, Yoroi, ZilPay, Exodus, Terra Station and Jaxx browser extensions.
The malware steals data from the AtomicWallet, BitcoinCore, DashCore, Electrum, Ethereum, Exodus, LitecoinCore, Monero, Jaxx, Zcash, Solar, Zap, AtomicDEX, Binance, Frame, TokenPocket and Wasabi cryptocurrency wallets.
In addition, it is able to extract data from Outlook, Telegram, Signal, Tox, Element, Pidgin, Discord, NordVPN, OpenVPN, ProtonVPN, Total Commander, FileZilla, WinSCP and Steam.