Russian Hackers Deploy Info-Stealing Malware Against Ukraine. Cyclonis Provides Protection Steps

Contact Us
Patrick Morganelli
3 Castle Street, Penthouse
Dublin D02KF25 

Dublin, Ireland, April 29, 2022 – Russia’s invasion of Ukraine has brought a heavy wave of new info-stealer malware infections in its wake. Since hostilities broke out, Russian-backed hackers using phishing emails and malware to gain access to both government and individual computer systems have increased, and Russian-linked cyber attacks are expected to remain a constant worldwide threat for the foreseeable future.

Cyclonis Limited and its research partners track the development of cyber attacks including info-stealing malware threats like Raccoon Stealer and have compiled effective ways to help you protect yourself from attacks.

Dangerous Info-Stealer Malware Threatens Users Globally

In the wake of the Russian invasion of Ukraine, numerous highly dangerous info-stealer malware infections have emerged. Info-stealers are designed to infiltrate computers without user knowledge or consent. Once installed, these threats steal users’ highly sensitive information, including banking passwords, credit card information, crypto wallet IDs and passphrases, and transmit the stolen data to cybercriminal hacker groups. Stolen data can be used by cybercriminals to perpetuate identity theft, commit fraud and compromise additional computer systems without the user’s knowledge. In an alarming trend, info-stealers are increasingly offered as “malware-as-a-service”, providing a turn-key solution for novice cybercriminals to get into the cybercrime game.

BlackGuard is a password-stealing malware threat that is offered on the dark net as “malware-as-a-service” priced as low as $200/month, according to some reports. It is designed to infiltrate all major web browsers, in addition to Outlook, Telegram, Discord, and several cryptocurrency wallets. BlackGuard’s focus is to steal and exfiltrate passwords and other sensitive information from the affected apps. BlackGuard is specifically programmed to geo-target certain regions and countries. Tellingly, BlackGuard has been found to generally avoid affecting systems located in many Russia-aligned CIS countries, including Russia, Belarus, Azerbaijan, and Uzbekistan.

GhostWriter APT is an alleged Belarus-backed hacker group that has used spear-phishing attacks in combination with the Cobalt Strike Beacon malware to attack Ukrainian state entities and other high-profile targets. GhostWriter APT was first identified in March 2017 and has since been reported to have engaged in multiple anti-NATO disinformation campaigns.

Mars Stealer is an info-stealer based on Oski Stealer, a previously released info-stealer threat. Mars Stealer is similar to Racoon Stealer, a similar info-stealer that reportedly suspended operations when one of its main developers died amid Russia’s invasion of Ukraine. Experts have suggested that threat actors previously associated with Racoon Stealer are behind Mars Stealer. Mars Stealer is available on the dark web at a minimal cost as “malware-as-a-service” and requires little hacker expertise to weaponize. Rogue operators have employed a variety of tricks to infect users, including utilizing hacked Google Ads accounts to impersonate official websites offering OpenOffice and other popular downloads. Once it is installed on a system, Mars Stealer attempts to steal browser-stored data, including credit card information and stored usernames and passwords, and sends this compromised data to the hackers.

To find out more about the ongoing cyber attacks against Ukraine, visit

How to Protect Yourself Against Info-Stealing Malware

Users can follow these guidelines to help to prevent info-stealing malware attacks and help increase online security:
Be extremely careful, even when downloading and installing reputable and popular software. Always verify that you are downloading directly from the source and not from questionable third-party software sharing pages or unfamiliar sites.

– Protect your computer from potential cyber attacks with a powerful anti-malware program like SpyHunter (

– Stay alert. Don’t click unknown email attachments, website links or online ads because they may lead to malicious sites or install unwanted software without your knowledge.

– Keep your software up-to-date. Experts often recommend turning on automatic software updates where available.

– Use strong passwords that are unique and hard to guess. To help keep track of all your passwords in one central place, use a reputable password manager like Cyclonis Password Manager (

– Backup your data. Consider using a reliable cloud storage backup program like Cyclonis Backup to protect your important files (

About Cyclonis Limited

An Irish company headquartered in Dublin, Cyclonis Limited designs and develops desktop, mobile, and cloud-enabled software products focused on simplifying data organization and management. Focused on helping computer users simplify their online life, Cyclonis Limited is best known for the development and distribution of their Cyclonis Password Manager and Cyclonis Backup applications, an adept password management application that combines a collection of useful features to encrypt, store, and easily access passwords and sync users’ data across multiple Internet-connected devices. Cyclonis Limited’s applications aim to streamline the process of organizing the increasing volumes of information regular computer users deal with every day.