data breachCybersecurity researchers have recently discovered a new strain of malware in the wild.

The malicious code, known as "BlackGuard", has been discovered on numerous Russian underground Blackhat forums. The code is available as a free service, and anyone with criminal intent can access it for $200 per month.

The malware is still quite new so the unknown authors are selling lifetime subscriptions for $700. This is in an effort to quickly grow the code's userbase and get their name out there in the hacking community.

BlackGuard is not an inherently dangerous form of malware. It is classified as an Infostealer, and its primary purpose is to extract as much valuable information from target systems as possible.

Infostealers are generally quite generalist in siphoning data. This includes OS details, network traffic statistics and users' contacts lists. They also harvest various login credentials, with a preference for accounts details that users use to log into different financial institutions. BlackGuard is slightly different.

zScaler reports this code can steal login credentials from any web browser, along with browsing history, email client data, and any conversations in messenger software.

It also targets login credentials as well as other account information for popular Messengers such As Telegram, Element, Discord and Signal. BlackGuard also aims to steal cryptocurrency wallet information, including extensions for wallet browsers for Microsoft Edge and Google Chrome.

The cybersecurity team noted that BlackGuard's capabilities may not be as wide-based as Infostealers yet, but the malicious code is very well-designed. It is clear that developers are skilled in their craft and have an excellent plan to increase the popularity of the new product.

This one is worth keeping an eye on. It's almost certain that we will hear more about this in the coming months.

Your Facebook Credentials May Be Stolen

facebookAre you using an Android phone? You may know someone who does.

Google's remarkable ability to find and remove harmful apps from the Play Store before they spread is amazing.

They aren't perfect and malicious code disguised to be legitimate applications can sometimes get past the amazing filtering system of the company.

"FaceStealer", a trojan malware, was discovered in an Android app with over 100k downloads. A Facebook login screen is displayed which requires users to log in to Facebook before they can use this app.

The Facebook login prompt may look official, however, be aware that it is not. By entering their login, a user is only required to reveal the code to hackers. Hackers have access to millions of Facebook users' login credentials. They can do as much damage as they want.

Researchers who discovered the source code for the virus were the ones who first brought it to Google's notice. The cybersecurity company also discovered that the author had automated the re-packaging process. It is actually very easy to make any legitimate mobile phone app a Trojan carrier.

It is worth being cautious and asking the question: "How many other poisoned apps might there be currently on Play Store?"

This is a complex question with no easy answer. When downloading an app, it is important to be cautious. Make sure you only download them from Google Play Store.

The best efforts in caution can still let malware into your network. Call Integrated Technology Systems today for advice on keeping your data secure.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017