BlackGuard Malware as a Service sold in Russian Forums

Zscaler ThreatLabz team came across BlackGuard, a sophisticated stealer, advertised for sale. Blackguard is currently being sold as malware-as-a-service with a lifetime price of $700 and a monthly price of $200.

BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients.

Targeted Applications:

Browsers:

Chrome, Opera, Firefox, MapleStudio, Iridium, 7Star, CentBrowser, Chedot, Vivaldi, Kometa, Elements Browser, Epic Privacy Browser, uCozMedia, Coowon, liebao, QIP Surf, Orbitum, Comodo, Amigo, Torch, Comodo, 360Browser, Maxthon3, K-Melon, Sputnik, Nichrome, CocCoc, Uran, Chromodo, Edge, BraveSoftware.

Crypto Wallets:

AtomicWallet, BitcoinCore, DashCore, Electrum, Ethereum, Exodus, LitecoinCore, Monero, Jaxx, Zcash, Solar, Zap, AtomicDEX, Binance, Frame, TokenPocket, Wassabi.

Crypto Wallet Extensions:

Binance, coin98, Phantom, Mobox, XinPay, Math10, Metamask, BitApp, Guildwallet, iconx, Sollet, Slope Wallet, Starcoin, Swash, Finnie, KEPLR, Crocobit, OXYGEN, Nifty, Liquality, Auvitas wallet, Math wallet, MTV wallet, Rabet wallet, Ronin wallet, Yoroi wallet, ZilPay wallet, Exodus, Terra Station, Jaxx.

Email Clients:

Outlook

Other Applications:

NordVPN, OpenVPN, ProtonVpn, Totalcomander, Filezilla, WinSCP, Steam

Messengers:

Telegram, Signal, Tox, Element, Pidgin, Discord

Despite its capabilities, Zscaler team also reports that BlackGuard is not as broad as other stealers but has grown as a threat because “it continues to be improved and is developing a strong reputation in the underground community.” Administrators and security teams can combat the risks by implementing good password hygiene, multi-factor authentication, and instructing users not to visit or open unknown sites or files.

Indicators of Compromise