Malwarebytes: There is a new information stealer in the wild, dubbed Baldr and disseminated by cybercriminals. It quickly gathered many positive reviews on most of the popular clearnet Russian hacking forums
There is a new information stealer in the wild, dubbed Baldr and disseminated by cybercriminals. It has been analyzed by Malwarebytes cyber security experts. It first appeared in underground forums in January 2019, and was later seen in the wild by Microsoft in February. According to the company's blog, the malware is likely the work of three threat actors: Agressor for distribution, Overdot for sales and promotion, and LordOdin for development. Despite being quite new, the malicious code quickly gathered many positive reviews on most of the popular clearnet Russian hacking forums. Overdot posts the majority of the advertisements across multiple message boards, provides customer service via Jabber, and addresses buyer complaints in the reputation system used by several boards. Furthermore, he claims that the developers of Baldr and of the Arkei stealer are in contact and collaborate on occasion. According to LordOdin, however, Baldr is not simply a reskin of Arkei.
The cyber security experts: One of its primary infection vectors is the use of Trojanized applications disguised as cracks or hack tools
The latest version of Baldr, according to Malwarebytes cyber security experts, is version 2.2, announced on March 20. One of its primary infection vectors is the use of Trojanized applications disguised as cracks or hack tools. For example, the researchers saw a video posted to YouTube offering a program to generate free Bitcoins; the program was in fact the stealer in disguise. Its main functions are user profiling, sensitive data exfiltration, shotgun file grabbing, screen capture, and network exfiltration. Moreover, like other stealers, Baldr comes with a panel that allows the cyber criminals to see high-level statistics and retrieve the stolen information. These features put it in high demand, so most likely many distributors will use it as part of several cybercrime campaigns.