{"id":4556,"date":"2023-03-29T20:30:25","date_gmt":"2023-03-29T19:30:25","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4556"},"modified":"2023-04-11T21:50:35","modified_gmt":"2023-04-11T20:50:35","slug":"nova-varijanta-blackguard-kradljivca","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/03\/29\/nova-varijanta-blackguard-kradljivca\/","title":{"rendered":"New variant of the BlackGuard stealer"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">A new variant of the <em>BlackGuard<\/em> stealer has been spotted in cyberspace with new capabilities such as <em>USB<\/em> propagation, persistence mechanisms, loading additional malicious code into memory, and targeting additional crypto wallets.<\/span><\/p>\n<div id=\"attachment_4561\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4561\" class=\"size-full wp-image-4561\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/BlackGuard.jpg\" alt=\"BlackGuard\" width=\"1024\" height=\"683\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/BlackGuard.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/BlackGuard-300x200.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/BlackGuard-768x512.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/BlackGuard-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4561\" class=\"wp-caption-text\"><em>Image by <a href=\"https:\/\/pixabay.com\/users\/thedigitalartist-202249\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=2300772\" target=\"_blank\" rel=\"noopener\">Pete Linforth<\/a> from <\/em><a href=\"https:\/\/pixabay.com\/\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=2300772\" target=\"_blank\" 
rel=\"noopener\"><em>Pixabay<\/em><\/a><\/p><\/div>\n<h2><span style=\"font-size: 14pt;\"><strong>Introduction<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Hacker forums are often organized as underground marketplaces where cybercriminals buy, rent and sell all kinds of malicious and illegal products, including software, <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/trojan\/\" target=\"_blank\" rel=\"nofollow noopener\">trojans<\/a>, stealers, exploits and <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">user passwords<\/a>. Malware-as-a-service (<em>MaaS<\/em>) has contributed significantly to the rise of <em>ransomware<\/em> and <a href=\"https:\/\/sajberinfo.com\/en\/2022\/01\/02\/phishing-meta-su-ljudi-ne-tehnologija\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>phishing<\/em><\/a> attacks (among other types of attack) over the past year, because it requires less technical knowledge to launch attacks on users and organizations.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">While browsing one of these hacker forums during routine research activities, <a href=\"https:\/\/www.zscaler.com\/blogs\/security-research\/analysis-blackguard-new-info-stealer-malware-being-sold-russian-hacking\" target=\"_blank\" rel=\"noopener\">the <em>Zscaler ThreatLabz<\/em> team came across <em>BlackGuard<\/em><\/a>, a sophisticated stealer offered for sale. 
<em>BlackGuard<\/em> is currently sold on a malware-as-a-service model, either as a lifetime licence priced at 700 dollars or as a monthly subscription priced at 200 dollars.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>BlackGuard<\/em> can steal all kinds of information related to crypto wallets, <a href=\"https:\/\/sajberinfo.com\/en\/2021\/10\/17\/vpn-sigurno-mrezno-povezivanje\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>VPN<\/em><\/a>, <em>messaging applications<\/em>, <em>FTP<\/em> <em>credentials<\/em>, and <em>credentials<\/em> saved in web browsers and email clients.<\/span><\/p>\n<h2><span style=\"font-size: 14pt;\"><strong>Technical capabilities<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>BlackGuard<\/em> is a .<em>NET<\/em> stealer packed in an encrypted package. It is currently under active development and has the following capabilities:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><strong>Detection evasion.<\/strong> Once launched, it kills processes associated with antivirus and <em>sandbox<\/em> software.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>String obfuscation.<\/strong> The malware contains a hard-coded encoded byte array that is decoded at runtime into <em>ASCII<\/em> strings, followed by <em>base64<\/em> decoding. 
This lets it bypass antivirus and string-based detection.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>CIS evasion.<\/strong> <em>BlackGuard<\/em> checks the infected country by sending a request to \u201c<em>http:\/\/ipvhois.app\/kml\/<\/em>\u201d and shuts itself down if the device is located in the Commonwealth of Independent States, an alliance of 10 former Soviet republics.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Anti-reverse-engineering.<\/strong> <em>BlackGuard<\/em> uses <em>user32!BlockInput()<\/em>, which can block all mouse and keyboard events, to hinder debugging attempts.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Stealing function.<\/strong> After all the checks complete, a function is called that collects information from various web browsers, software and default directories.<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-size: 14pt;\"><strong>Data theft<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\"><em>BlackGuard<\/em> steals passwords from <em>Chrome<\/em>- and <em>Gecko<\/em>-based browsers using a static path. It can steal browsing history, passwords, autofill information and file downloads.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">It also supports stealing crypto wallets and other sensitive files related to crypto wallet applications. It targets sensitive data in files such as <em>wallet.dat<\/em>, which contain the address, the private key for accessing that address, and other data. 
It checks the default wallet file in <em>AppData<\/em> and copies it to the working directory. In addition, this malware targets <em>Chrome<\/em> and <em>Edge<\/em> crypto wallet extensions installed in those browsers.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">After it finishes collecting information, <em>BlackGuard<\/em> creates a .<em>ZIP<\/em> of all the files and sends it to the command-and-control server via a <em>POST<\/em> request, together with system information such as the hardware <em>ID<\/em> and country.<\/span><\/p>\n<div id=\"attachment_4563\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4563\" class=\"size-full wp-image-4563\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/3852562.webp\" alt=\"steal data\" width=\"1024\" height=\"683\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/3852562.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/3852562-300x200.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/3852562-768x512.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/3852562-18x12.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4563\" class=\"wp-caption-text\"><em>Image by <\/em><a href=\"https:\/\/www.freepik.com\/free-vector\/steal-data-illustrated-concept_8374849.htm#query=stealing&amp;position=24&amp;from_view=search&amp;track=sph\" target=\"_blank\" rel=\"noopener\"><em>Freepik<\/em><\/a><\/p><\/div>\n<h3><span style=\"font-size: 14pt;\"><strong>List of targeted applications<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">Web browsers:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Chrome, Opera, Firefox, MapleStudio, Iridium, 7Star, CentBrowser, Chedot, Vivaldi, Kometa, Elements Browser, Epic Privacy Browser, uCozMedia, 
Coowon, liebao, QIP Surf, Orbitum, Comodo, Amigo, Torch, Comodo, 360Browser, Maxthon3, K-Melon, Sputnik, Nichrome, CocCoc, Uran, Chromodo, Edge, BraveSoftware<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Crypto wallets:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>AtomicWallet, BitcoinCore, DashCore, Electrum, Ethereum, Exodus, LitecoinCore, Monero, Jaxx, Zcash, Solar, Zap, AtomicDEX, Binance, Frame, TokenPocket, Wassabi<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Browser extensions for crypto wallets:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Binance, coin98, Phantom, Mobox, XinPay, Math10, Metamask, BitApp, Guildwallet, iconx, Sollet, Slope Wallet, Starcoin, Swash, Finnie, KEPLR, Crocobit, OXYGEN, Nifty, Liquality, Auvitas wallet, Math wallet, MTV wallet, Rabet wallet, Ronin wallet, Yoroi wallet, ZilPay wallet, Exodus, Terra Station, Jaxx<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Email clients:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Outlook<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Messaging applications:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Telegram, Signal, Tox, Element, Pidgin, Discord.<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Other applications:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>NordVPN, OpenVPN, ProtonVpn, Totalcomander, Filezilla, WinSCP, Steam<\/em>.<\/span><\/p>\n<h4><span style=\"font-size: 14pt;\"><strong>Conclusion<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\"><em>BlackGuard<\/em> may not be that widely deployed yet, but it is a growing threat, as it continues to improve and to build a strong reputation in the underground community, particularly through its new malware-as-a-service (<em>MaaS<\/em>) business model. 
To combat this malware and similar threats, security teams should inspect all network traffic and use anti-malware tools that include both <a href=\"https:\/\/sajberinfo.com\/en\/2021\/08\/17\/antivirusni-softver\/\" target=\"_blank\" rel=\"nofollow noopener\">antivirus<\/a> (for known threats) and <em>sandboxing<\/em> protection (for unknown threats).<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Users should avoid downloading executable files from untrusted websites, be very careful with files that arrive as email attachments from unknown senders, and keep their system and antivirus software up to date.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>A new variant of the BlackGuard stealer has been spotted in cyberspace with new capabilities such as USB propagation, persistence mechanisms, loading additional malicious code into memory, and targeting additional crypto wallets. 
Introduction Hacker forums&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4561,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[77,316,149,150,318,63,310,231,321,152,319,61,322,317,320,96,242,78],"class_list":["post-4556","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-antivirusni-softver","tag-blackguard","tag-chrome","tag-firefox","tag-gecko","tag-lozinka","tag-maas","tag-malware-as-a-service","tag-nordvpn","tag-opera","tag-outlook","tag-phishing","tag-sandboxing","tag-stealer","tag-telegram","tag-trojan","tag-vivaldi","tag-vpn"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4556"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4556\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4561"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}