A new variant of the BlackGuard stealer has been spotted in the wild, featuring new capabilities like USB propagation, persistence mechanisms, loading additional payloads in memory, and targeting additional crypto wallets.
BlackGuard was first spotted by Zscaler
in March 2022, who reported that the malware was sold to cyber criminals on Russian-speaking forums as a MaaS (malware-as-a-service) for $200/month or a lifetime price of $700.
The new stealer appeared shortly after the original
Raccoon Stealer MaaS operation shut down, enjoying good adoption rates while offering extensive app-targeting capabilities.
This new version of BlackGuard stealer was discovered by
analysts at AT&T, who warn that the malware is still very active, with its authors constantly improving it while keeping the subscription cost stable.
