Zscaler ThreatLabz researchers have discovered a sophisticated new info-stealing malware available as malware-as-a-service on Russian hacking forums.
In a report published last week, Zscaler researchers Mitesh Wani and Kaivalya Khursale explained the functionality and capabilities of the new info-stealer malware on the block, which they have dubbed BlackGuard.
According to their analysis, this malware is up for sale on several Russian underground forums for a monthly subscription fee of $200, while a lifetime subscription costs $700.
Researchers revealed that BlackGuard could steal all types of information from a device, including VPN, crypto wallets, installed messengers, browser credentials saved on the device, FTP credentials, and email clients.
This means the malware can collect sensitive data, such as cookies, passwords, browsing history, and autofill data. Moreover, it can collect information from seventeen different crypto wallets and at least six messaging apps, including Tox, Signal, Discord, Telegram, Element, and Pidgin.
Additionally, the malware can target around 21 cryptocurrency wallet extensions installed in Edge, Chrome, and other Gecko-based browsers and three VPN applications – OpenVPN, NordVPN, and ProtonVPN. It compresses the results into a ZIP archive and sends them to a remote server.