BlackGuard Stealer upgrades its overall capabilities

April 13, 2023

Researchers have found that the BlackGuard Stealer malware has gained new features and upgraded capabilities. Its developers added USB propagation, a persistence mechanism, additional payload loading, and crypto wallet hijacking to its existing infection capabilities.

The latest variant contains a clipper module that acts as a crypto wallet hijacker: it monitors the clipboard of a targeted system for copied wallet addresses and replaces them with an attacker-controlled address, redirecting the victim's cryptocurrency transactions to wallets the operators control.
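As an added illustration (not code from the original article or from any researcher it cites), the following Python script shows how a defender might flag the clipper behaviour described above: it replays a constructed sequence of clipboard-change events and raises an alert when a wallet address is silently replaced by a different address of the same type within a short window. The event format, the address regexes and the sample addresses are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Address shapes (constructed for this example; not exhaustive): Bitcoin legacy/P2SH and
# bech32, and Ethereum. A clipper swaps an address for one of the same type so the change goes unnoticed.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

@dataclass
class ClipEvent:
    ts: float        # time of the clipboard change, in seconds
    text: str        # new clipboard contents
    source_pid: int  # process that wrote the clipboard (assumed field; 0 = unknown)

def classify(text: str):
    # Return 'btc', 'eth', or None depending on whether text looks like a wallet address.
    t = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(t):
            return kind
    return None

def detect_clipper(events, window_s: float = 2.0):
    # Heuristic: an address is copied and, within window_s, a different process rewrites
    # the clipboard with a different address of the same type.
    alerts = []
    prev = None
    for ev in sorted(events, key=lambda e: e.ts):
        kind = classify(ev.text)
        if prev is not None and kind is not None and classify(prev.text) == kind:
            swapped = ev.text.strip() != prev.text.strip()
            fast = (ev.ts - prev.ts) <= window_s
            other_process = ev.source_pid != prev.source_pid
            if swapped and fast and other_process:
                alerts.append({"kind": kind, "original": prev.text.strip(),
                               "replacement": ev.text.strip(), "pid": ev.source_pid})
        prev = ev
    return alerts

# Constructed sample: the user (pid 1234) copies an ETH address, and 200 ms later an
# unknown process (pid 6666) overwrites it with a different ETH address.
ADDR_ETH_USER = "0x" + "ab12" * 10
ADDR_ETH_SWAP = "0x" + "cd34" * 10
ADDR_BTC_USER = "1" + "A" * 33
SAMPLE_EVENTS = [
    ClipEvent(100.0, ADDR_ETH_USER, 1234),
    ClipEvent(100.2, ADDR_ETH_SWAP, 6666),   # should trigger an alert
    ClipEvent(200.0, ADDR_BTC_USER, 1234),
    ClipEvent(200.5, ADDR_BTC_USER, 1234),   # same address, same process: benign
]
```

Running `detect_clipper(SAMPLE_EVENTS)` returns a single alert for the ETH swap; on a live host the events would come from a clipboard-monitoring agent rather than the constructed list.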

In addition, the new variant can propagate itself through USB sticks and other removable devices to infect further systems.

Furthermore, the latest BlackGuard variant can download additional payloads from its command-and-control server and execute them directly in the compromised system's memory through process hollowing.

This in-memory approach is intended to evade detection by any security solution on the targeted system.

Two of the features mentioned above focus on establishing persistence. The malware copies itself into every folder under C:\, giving each copy a random name, and it also adds itself to the Run registry key so that it is relaunched after every reboot.


The BlackGuard Stealer could target numerous search engines.


According to investigations, BlackGuard Stealer targets well-known browsers such as Chrome, ChromePlus, Edge, Edge Beta, Iridium, Chedot, CentBrowser, and 7Star, in order to steal data from their cryptocurrency add-ons.

This group’s confirmed targeted wallets are BitcoinCore, Binance, Armory, DashCore, Atomic, Electrum, Exodus crypto, Guarda, LiteCoinCore, Ethereum, Zcash, and Zap.

BlackGuard also targets several browser wallet extensions, such as Auvitas, BitApp, Phantom, Metamask, Slope Wallet, Guild, Binance, Starcoin, Ronin, Swash, and Zecrey.

Researchers also noted that the actors have primarily used Discord, Telegram, WhatsApp, and Pidgin in their campaigns.

The developers of this latest version of BlackGuard have clearly invested effort in adding capabilities and tools that make the malware more infectious and harder to detect. The new variant indicates that the attackers can now apply new tactics across a broad range of targets.

Users and researchers should be wary of the threats posed by the BlackGuard Stealer.
