Skip Navigation
BlackBerry Blog

BlackGuard Infostealer: BlackBerry Defeats it in Milliseconds (Video)

Many threat actors are moving away from a shotgun approach and opting for more targeted attacks after carefully researching potential targets and developing specialized malware. BlackGuard Infostealer is an example of this business model. Sold as a Malware-as-a-Service (MaaS), BlackGuard Infostealer is distinctly different from its family relatives. Its hyper focused functions target web browsers, cryptocurrency services, and crypto wallets. Despite having fewer capabilities than many infostealers, BlackGuard still collects a wealth of user data.

To extract critical information from a victim's device, such as the user’s IP address, country/location, hardware identification (HWID), operating system (OS), and log data (of infection), BlackGuard uses specific functions resembling Arkei Infostealer and Bhunt Scavenger malwares. It also targets virtual private network (VPN) clients, instant messaging (IM) services, FTP clients, and voice-over-internet protocol (VoIP) services. Regarding VPNs, BlackGuard seeks out two popular applications: OpenVPN and NordVPN. BlackBerry analysts have identified new functions such as features that evaluate high-value targets, and default browser checks.

BlackGuard Infostealer targets Windows® operating system users. To prevent detection, the malware developers incorporated both anti-analysis and anti-detection check functions. If specific Dynamic-Link Library (.DLL) files are detected, it will attempt to terminate itself. A complete .DLL file list is available in our research report on BlackGuard Infostealer.

BlackBerry evaluates BlackGuard Infostealer as a potential medium-impact, and medium-risk level threat to network security.

BlackGuard Infostealer Defeated by BlackBerry

Watch the brief video below to see how BlackGuard Infostealer is defeated by the BlackBerry® artificial intelligence (AI) powered endpoint protection platform (EPP) solution, CylancePROTECT®.

DEMO VIDEO: BlackBerry vs. BlackGuard Infostealer
Learn more about BlackGuard Infostealer in our deep dive blog Threat Thursday: BlackGuard Infostealer Rises from Russian Underground Markets
Figure 1 – We attempt to bring five BlackGuard samples into the environment.
Figure 2 – CylancePROTECT AI predicts and prevents these threats before they can execute.

Cylance AI

To learn more about Cylance® AI capabilities, visit: Cylance Endpoint Security from BlackBerry.

BlackBerry Assistance 

The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure. For emergency assistance, please email us at, or use our handraiser form.


In this quick video, we're going to access the temporal predictive advantage that CylancePROTECT® has against BlackGuard, one of the latest .Net based infostealers to rise to prominence in Russian underground markets.

For this test, we have a CylancePROTECT engine from Oct. 2015, running on a machine with no internet connectivity, and no operating system updates since 2016.

We have collected five BlackGuard samples. Let's copy them to our test system. We can see how our machine learning models are able to prevent these threats in milliseconds, before they execute.

Prevention is Possible, with BlackBerry.

David Steinberg-Zwirek

About David Steinberg-Zwirek

David Steinberg-Zwirek is an Editorial Intern at BlackBerry.

Hector Diaz

About Hector Diaz

 Senior Technical Marketing Manager at BlackBerry

Hector Diaz is a Senior Technical Marketing Manager for Latin America and the Caribbean at BlackBerry. Hector works with Engineering and Product Management to translate technology concepts into digestible pieces, evangelizing and educating people about Artificial Intelligence (AI) applied to cybersecurity.

With over 15 years of experience in cybersecurity, Hector is a respected professional who is in-demand at trade shows, partner training and customer engagements across Latin America and the Caribbean Region.