{
	"id": "cffe40ac-db3c-4d0a-bc9c-0b8816979b9e",
	"created_at": "2026-04-06T00:10:24.798671Z",
	"updated_at": "2026-04-10T03:37:09.355842Z",
	"deleted_at": null,
	"sha1_hash": "c71e8952d98c5d6d94eafc962e73b446ace6a089",
	"title": "New Password-Stealing Malware Sells on Hacking Forum! Chrome, Binance, Outlook, Telegram Users Affected?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48597,
	"plain_text": "New Password-Stealing Malware Sells on Hacking Forum!\r\nChrome, Binance, Outlook, Telegram Users Affected?\r\nBy Teejay Boris\r\nPublished: 2022-04-01 · Archived: 2026-04-05 15:11:59 UTC\r\nNew password-stealing malware that goes by the name BlackGuard is now being sold on dark hacking forum\r\nsites.\r\nIn this file photo taken on August 04, 2020, Prince, a member of the hacking group Red Hacker\r\nAlliance who refused to give his real name, uses his computer at their office in Dongguan, China's\r\nsouthern Guangdong province. - As the number of online devices surges and super-fast 5G\r\nconnections roll out. NICOLAS ASFOURI/AFP via Getty Images\r\nNew Password-Stealing Malware: BlackGuard\r\nThe new malware vows to attempt to steal user data from numerous platforms, such as Google Chrome, Binance,\r\nMicrosoft's Outlook, Telegram, and tons more, as per a news story by Bleeping Computer.\r\nThe password-stealing malware primarily harvests sensitive information after cracking open various accounts on\r\nthe platforms that it supports.\r\nThe news outlet further noted in the same report that BlackGuard was first seen on Russian forums back\r\nin January, when it was still undergoing its testing phase.\r\nBut, this time around, the info-stealing malware is now being sold on numerous online hacker forums.\r\nIn fact, BlackGuard has rapidly grown in popularity, perhaps due to the recent demise of another malware\r\nnamed the Raccoon Stealer.\r\nBlackGuard vs. 
Apps\r\nAs mentioned, the new password-stealing malware seen in various hacking forums has an extensive list of apps\r\nthat it vows to steal data from.\r\nThat said, users of top web browsers, such as Google Chrome, Firefox, Vivaldi, Microsoft Edge, and Opera, along\r\nwith other less popular ones out there, could be affected by the new malware.\r\nThe data-stealing malware will try to steal various data from these browsers, including their history, autofill, cookies,\r\nand saved login credentials.\r\nhttps://www.techtimes.com/articles/273752/20220331/new-password-stealing-malware-hacking-forum-hack-password-stealing-google-chrome-binance-outlook-telegram.htm\r\nPage 1 of 2\n\nLONDON, ENGLAND - MAY 25: A close-up view of the Telegram messaging app is seen on a\r\nsmart phone on May 25, 2017 in London, England. Telegram, an encrypted messaging app, has\r\nbeen used as a secure communications tool by Islamic State. Carl Court/Getty Images\r\nWhat's more, users of messaging platforms like Signal, Telegram, Pidgin, and Discord should also beware of this\r\nmalware, according to a recent report by ZDNet.\r\nBlackGuard also targets wallet browser extensions, including Metamask, Ronin wallet, and Binance, to name a\r\nfew.\r\nOn top of that, the password-stealing malware would also attempt to steal the data of cryptocurrency wallet users,\r\nnamely, LitecoinCore, AtomicWallet, Electrum, Ethereum, Exodus, and a lot more.\r\nZDNet said in the same report that the malware would attempt to harvest the wallet addresses and private keys of the\r\nusers of these crypto platforms.\r\nIt also attempts to steal data from users of major VPN apps, such as OpenVPN, ProtonVPN, and NordVPN.\r\nFor email clients, BlackGuard will only attempt to crack the accounts of Outlook users.\r\nHowever, it is worth noting that the malware also includes the giant gaming platform, Steam, in its list of targeted\r\napps.\r\nThis article is owned by Tech Times\r\nWritten by Teejay Boris\r\nⓒ 2026 
TECHTIMES.com All rights reserved. Do not reproduce without permission.",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.techtimes.com/articles/273752/20220331/new-password-stealing-malware-hacking-forum-hack-password-stealing-google-chrome-binance-outlook-telegram.htm"
	],
	"report_names": [
		"new-password-stealing-malware-hacking-forum-hack-password-stealing-google-chrome-binance-outlook-telegram.htm"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "3a0be4ff-9074-4efd-98e4-47c6a62b14ad",
			"created_at": "2022-10-25T16:07:23.590051Z",
			"updated_at": "2026-04-10T02:00:04.679488Z",
			"deleted_at": null,
			"main_name": "Energetic Bear",
			"aliases": [
				"ATK 6",
				"Blue Kraken",
				"Crouching Yeti",
				"Dragonfly",
				"Electrum",
				"Energetic Bear",
				"G0035",
				"Ghost Blizzard",
				"Group 24",
				"ITG15",
				"Iron Liberty",
				"Koala Team",
				"TG-4192"
			],
			"source_name": "ETDA:Energetic Bear",
			"tools": [
				"Backdoor.Oldrea",
				"CRASHOVERRIDE",
				"Commix",
				"CrackMapExec",
				"CrashOverride",
				"Dirsearch",
				"Dorshel",
				"Fertger",
				"Fuerboos",
				"Goodor",
				"Havex",
				"Havex RAT",
				"Hello EK",
				"Heriplor",
				"Impacket",
				"Industroyer",
				"Karagany",
				"Karagny",
				"LightsOut 2.0",
				"LightsOut EK",
				"Listrix",
				"Oldrea",
				"PEACEPIPE",
				"PHPMailer",
				"PsExec",
				"SMBTrap",
				"Subbrute",
				"Sublist3r",
				"Sysmain",
				"Trojan.Karagany",
				"WSO",
				"Webshell by Orb",
				"Win32/Industroyer",
				"Wpscan",
				"nmap",
				"sqlmap",
				"xFrost"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a66438a8-ebf6-4397-9ad5-ed07f93330aa",
			"created_at": "2022-10-25T16:47:55.919702Z",
			"updated_at": "2026-04-10T02:00:03.618194Z",
			"deleted_at": null,
			"main_name": "IRON VIKING",
			"aliases": [
				"APT44 ",
				"ATK14 ",
				"BlackEnergy Group",
				"Blue Echidna ",
				"CTG-7263 ",
				"ELECTRUM ",
				"FROZENBARENTS ",
				"Hades/OlympicDestroyer ",
				"IRIDIUM ",
				"Qudedagh ",
				"Sandworm Team ",
				"Seashell Blizzard ",
				"TEMP.Noble ",
				"Telebots ",
				"Voodoo Bear "
			],
			"source_name": "Secureworks:IRON VIKING",
			"tools": [
				"BadRabbit",
				"BlackEnergy",
				"GCat",
				"NotPetya",
				"PSCrypt",
				"TeleBot",
				"TeleDoor",
				"xData"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "b3e954e8-8bbb-46f3-84de-d6f12dc7e1a6",
			"created_at": "2022-10-25T15:50:23.339976Z",
			"updated_at": "2026-04-10T02:00:05.27483Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"Sandworm Team",
				"ELECTRUM",
				"Telebots",
				"IRON VIKING",
				"BlackEnergy (Group)",
				"Quedagh",
				"Voodoo Bear",
				"IRIDIUM",
				"Seashell Blizzard",
				"FROZENBARENTS",
				"APT44"
			],
			"source_name": "MITRE:Sandworm Team",
			"tools": [
				"Bad Rabbit",
				"Mimikatz",
				"Exaramel for Linux",
				"Exaramel for Windows",
				"GreyEnergy",
				"PsExec",
				"Prestige",
				"P.A.S. Webshell",
				"AcidPour",
				"VPNFilter",
				"Neo-reGeorg",
				"Cyclops Blink",
				"SDelete",
				"Kapeka",
				"AcidRain",
				"Industroyer",
				"Industroyer2",
				"BlackEnergy",
				"Cobalt Strike",
				"NotPetya",
				"KillDisk",
				"PoshC2",
				"Impacket",
				"Invoke-PSImage",
				"Olympic Destroyer"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434224,
	"ts_updated_at": 1775792229,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c71e8952d98c5d6d94eafc962e73b446ace6a089.pdf",
		"text": "https://archive.orkl.eu/c71e8952d98c5d6d94eafc962e73b446ace6a089.txt",
		"img": "https://archive.orkl.eu/c71e8952d98c5d6d94eafc962e73b446ace6a089.jpg"
	}
}