Cheating is a big problem in the gaming industry that affects both players and gaming companies, especially in multi-player games, where it offers an easy way to gain an advantage over opponents. Various cheating tools are currently available on the market, and as they have become extremely popular among gamers, malware creators have identified a new niche for spreading malicious applications. A new malware threat called Baldr arrived on the scene in early 2019, stealing gaming account passwords and sensitive user details. Most likely, it has been distributed through cheating software promoted on YouTube.
Videos advertising cheats for gamers on YouTube are typically made by people who do not realize the risks associated with the tools they are trying to sell. Such videos promise online gamers opportunities to cheat in their games, while the link for downloading the particular cheat tool is placed in the video’s infobox. Researchers have also identified download links on gaming channels on the Telegram and Discord chat services. Hacked versions of popular games offered for free download represent another distribution channel for Baldr and similar threats; this type of malware can also come bundled with corrupted versions of cryptocurrency mining software.
Baldr Malware Leveraged as a Multi-Level Threat
Baldr is known to attack systems on multiple levels. It seems to be a very dangerous tool, as it is capable of stealing credit card numbers, various other sensitive information, and login credentials for gaming sites and other platforms. Moreover, the malware needs to be installed only once to package all the needed information and send it to the attackers’ host. Multiplayer games like Fortnite, Apex Legends, and Counter-Strike: Global Offensive are the main targets of the threat actors. Though it may seem like justice is done, as cheating in competitive games is an act of crime in itself, these attacks could cause harm that goes beyond the gaming industry. Baldr has evolved since its first appearance. Now, it steals not only in-game currencies but also Netflix passwords, which the crooks then sell on dark forums.
It is still not known where the Baldr malware comes from, yet it is clear that it has already affected a large number of users in many countries, such as the US, Indonesia, Brazil, and Singapore. There is, however, a clue to the country of origin of this new threat: researchers have found that Baldr has an option not to attack users located in Russia. Since cyber-attacks against domestic targets are a crime in Russia, experts speculate that the malware could be of Russian origin.