Home / Technology / News /  The evasive Baldr malware may hit back in new forms, warns SophosLabs
Back

The evasive Baldr malware may hit back in new forms, warns SophosLabs

1 min read . Updated: 26 Aug 2019, 03:39 PM IST Abhijit Ahaskar
Baldr scans through all AppData and temp folders on the victim’s computer, looking for sensitive data such as saved passwords, browser history, cached data, configuration files, cookies from a wide range of apps. (iStock)Premium
Baldr scans through all AppData and temp folders on the victim’s computer, looking for sensitive data such as saved passwords, browser history, cached data, configuration files, cookies from a wide range of apps. (iStock)

  • Baldr was used to target PC gamers living around the world; Indonesia (21%), the United States (10.52%), Brazil (14.14%), Russia (13.68%), India (8.77%) and Germany (5.43%) were the countries most affected
  • It was named Baldr as security researchers believe it to be the handiwork of LordOdin, a hacker active on Russian forums

Security researchers at cybersecurity firm SophosLabs have released a detailed report on Baldr, a new type of malware that first surfaced in January on Deep Web and then went out of circulation in June 2019 after a falling out between its creators and distributors. The malware was used to target PC gamers across the world. According to Sophos’ report, Indonesia (21%), the United States (10.52%), Brazil (14.14%), Russia (13.68%), India (8.77%) and Germany (5.43%) were among those that were most affected.

SophosLabs points out that usually, malwares like Baldr are sold on DarkWeb (where hard core cybercriminals lurk), but the authors behind the malware wanted to make it available to larger group of cybercriminals and so released it on Deep Web, that part of the World Wide Web which is not indexed by search engines and which lies between Surface Web and Dark Web.

Even though the malware is no longer in circulation on Deep Web, the researchers believe cybercriminals who have access to the malware can still rewrite it and use it to carry out fresh attacks under a different name. “Even though Baldr is currently off the deep market, it can still be used by cybercriminals who had previously purchased it, and is still a potential threat," warned Albert Zsigovits, a threat researcher at SophosLabs, in a press statement.

The malware has been named Baldr as security researchers believe it to be the handiwork of LordOdin, a hacker active on Russian forums. Its circulation was handled by Agri_Man, a renowned malware distributor on Russian forums. Researchers at Malwarebytes Labs, another cybersecurity firm, point out that Baldr is a sophisticated malware that has been written skilfully for long running campaign, which is what makes it hard to detect.

Baldr scans through all AppData and temp folders on the victim’s computer, looking for sensitive data such as saved passwords, browser history, cached data, configuration files, cookies from a wide range of apps. It first sends a screen grab of the list of all the sensitive files and then the actual files to the hacker.

ABOUT THE AUTHOR
Abhijit Ahaskar
Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.
Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less
OPEN IN APP
Recommended For You

Wait for it…

Log in to our website to save your bookmarks. It'll just take a moment.

Yes, Continue

You are just one step away from creating your watchlist!

Login Now

Wait for it…

Oops! Looks like you have exceeded the limit to bookmark the image. Remove some to bookmark this image.

Your session has expired, please login again.

Yes, Continue
×
Get alerts on WhatsApp
 Set Preferences My ReadsWatchlistFeedbackRedeem a Gift CardLogout