Security lock

Latest Malware Variant, Deemed Baldr, is Invisible to Users…

Advanced Malware, Baldr, Targets Key Locations to Extract Vital Data

An advanced malware variant designed to steal information, deemed Baldr, is being sold on various cybercrime forums on the dark web.  The malicious software is sold for a mere $150, and appears to be carefully crafted.  Based on the research completed to date, the creators of Baldr have crafted the malware carefully to ensure its long-term use.

In the short-term, hackers have been able to iron out the wrinkles and add new capabilities, which in turn adds to the long-term success of this malicious attack.  Additionally, Baldr is essentially invisible to the victim, as it lifts information on the go and doesn’t actually persist on the computer. 

Once installed on the device, the malicious software targets key locations including browser profiles, digital currency wallets, records from VPN clients, FTP programs, and Telegram sessions in an attempt to extract the most important data.  Additionally, it also searches for and steals the data within document files, including .doc, .log, and .txt files.

Surprisingly, during the exfiltration stage it appears there is no effort to disguise or hide the process of stealing the user’s data. While the malware is lifting the information, regardless of the number of files, they are all sent in one large, and rather obvious, network transfer.

Now for the good news – if there is any.  Baldr is non-persistent and does not include a spreading mechanism.  Meaning, it targets every victim individually, and does not attempt to spread throughout the network to additional devices. 

427 total views, 3 views today

(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.