[MART] - Daily Diary #483 - BlackGuard Malware-as-a-Service

[CTAS-MAT]

Hello,
I hope everyone is doing well!

Below is the entry for today.

04/01/2022 - Diary entry #483

BlackGuard is an information stealer written in VB (.NET) under active development. This malware made its first appearance in April 2021. It's very sophisticated, being equipped with a crypto-based packer, base64 decoding, obfuscation, anti-debugging techniques. Its code also checks for the country where its being executed, avoiding causing damage to machines located in any of the Commonwealth of Independent States (CIS) countries. Once executed, it steals information related to crypto wallets, VPNs, messengers, FTP credentials, saved browser credentials, and email clients.

In the last few days, a BlackGuard update was announced for sale on one of the Russian hacking forums. Sold as Malware-as-a-Service (MaaS) they offer a lifetime license priced at $700 and a monthly price of $200. This makes BlackGuard one of the cheapest offered online, given its wide range of features and ability to remain undetected.

BlackGuard is an example of a sophisticated malware that is being offered to the public as a service, a trend that we have covered in many of our recent Daily Diaries. This is terrible for users and companies since it allows unskilled attackers to have access to battle-tested malware without the need to develop their own.

Kind Regards,



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220401/25da5d05/attachment.htm>