A previously undocumented “sophisticated” information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200.
“BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients,” Zscaler ThreatLabz researchers Mitesh Wani and Kaivalya Khursale said in a report published last week.
Also sold for a lifetime price of $700, BlackGuard is designed as a .NET-based malware that’s actively under development, boasting a number of anti-analysis, anti-debugging, and anti-evasion features that allow it to kill processes related to antivirus engines and bypass string-based detection.
What’s more, it checks the IP address of infected devices by sending a request to the domain “https://ipwhois[.]app/xml/,” and exits if the country is one of the Commonwealth of Independent States (CIS).
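The geolocation lookup described above leaves a trace in web proxy logs. The following added example (not from the Zscaler report or the original article) hunts for it; the log format, client addresses and timestamps are constructed, and the function names are hypothetical. A hit is a lead for triage, since the lookup endpoint can be queried by other software too.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicator exactly as defanged in the article; refanged only for matching.
DEFANGED_IOC = "https://ipwhois[.]app/xml/"

# Constructed sample lines, assumed format: time client method target status
SAMPLE_LOG = """\
2022-04-04T09:12:01Z 10.0.4.17 GET https://ipwhois.app/xml/ 200
2022-04-04T09:12:05Z 10.0.4.22 GET https://example.com/xml/ 200
2022-04-04T09:13:40Z 10.0.4.17 GET https://IPWHOIS.app/xml/?lang=en 200
2022-04-04T09:15:02Z 10.0.4.31 GET https://ipwhois.app.example.net/xml/ 200
2022-04-04T09:16:11Z 10.0.4.40 GET https://ipwhois.app/json/ 200
2022-04-04T09:17:30Z 10.0.4.52 CONNECT ipwhois.app:443 200
malformed line
"""

def refang(indicator):
    """Turn a defanged indicator ([.], hxxp) back into a parseable URL."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

def find_geo_checks(log_text, indicator=DEFANGED_IOC):
    """Return {client: [(timestamp, match_kind), ...]} for lookups of the indicator."""
    ioc = urlsplit(refang(indicator))
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, target, _status = parts
        if method == "CONNECT":
            # Without TLS inspection the proxy only sees host:port.
            host, path = target.rsplit(":", 1)[0].lower(), None
        else:
            url = urlsplit(target)
            host, path = (url.hostname or "").lower(), url.path
        if host != ioc.hostname:
            continue  # exact host match, so look-alike suffixes do not hit
        if path is None:
            hits[client].append((ts, "host-only"))  # weaker: path unknown
        elif path.startswith(ioc.path):
            hits[client].append((ts, "url"))
    return dict(hits)

if __name__ == "__main__":
    for client, events in find_geo_checks(SAMPLE_LOG).items():
        print(client, events)
```
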