Cyberint Research Team has identified the BlackGuard stealer, a new type of malware that targets the gaming community and is being sold in underground forums and Telegram channels, along with new data exfiltration techniques.
We have identified three sellers who advertise BlackGuard as "a full preparation kit for starting a profitable cybercrime career." The kit includes both technical and marketing material: manuals, a short video, and a technical guide describing how to install the malware, how to launder stolen credit cards and Bitcoins, how to use cryptocurrencies and Bitcoin mixers, etc.
Unlike other stealers that focus on financial fraud against individuals (credit cards), BlackGuard appears to mainly target companies. The malware is designed to steal from corporate accounts of popular games, especially those played by the adult gaming community. The malware has many features that make it hard to detect, including:
Anti-analysis and anti-sandbox features;
Stealth features (constantly changing server addresses);
The ability to update the software through a complex process; and
Compatibility with Windows XP and newer versions of Windows.
It drops the malicious files to all local users on the system. Then, it uses techniques such as "runPE" in order to achieve its persistence.
Once installed, it sends encrypted data to the configured server and waits for commands from its C&C operator.
The malware targets a variety of games, including World of Warcraft, Second Life, RuneScape, MapleStory and City of Heroes/Villains.