Advanced Malware, Baldr, Targets Key Locations to Extract Vital Data
An advanced information-stealing malware variant, dubbed Baldr, is being sold on various cybercrime forums on the dark web. The malicious software is sold for a mere $
In the short term, hackers have been able to iron out the wrinkles and add new capabilities, which in turn adds to the long-term success of this malicious attack. Additionally, Baldr is essentially invisible to the victim: it lifts information on the go and does not actually persist on the computer.
Once installed on the device, the malicious software targets key locations including browser profiles, digital currency wallets, records from VPN clients, FTP programs, and Telegram sessions in an attempt to extract the most important data. It also searches for and steals the contents of document files, including .doc, .log, and .txt files.
Surprisingly, during the exfiltration stage there appears to be no effort to disguise or hide the process of stealing the user's data. Regardless of how many files the malware has lifted, they are all sent in one large, and rather obvious, network transfer.
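The single large, undisguised transfer described above is a pattern a defender can look for. The following Python script is an added example, not code from the article or any vendor; it runs a simple heuristic over constructed outbound-connection log lines and flags a process whose only outbound connection on a host is an unusually large upload. The log format, field names, process names, destinations and the byte threshold are all assumptions for illustration, not a documented Baldr signature.

```python
"""Added example (not from the article): surface the "one large, obvious
transfer" exfiltration pattern in constructed outbound-connection logs.
Log format, process names, destinations and the threshold are assumptions."""
from collections import defaultdict

# Constructed sample log lines: timestamp, host, process, destination, bytes sent.
# The process names and addresses below are invented for this example.
SAMPLE_LOG = """\
2019-04-02T10:00:01 ws-17 chrome.exe 203.0.113.10:443 48211
2019-04-02T10:00:05 ws-17 chrome.exe 203.0.113.10:443 39904
2019-04-02T10:02:14 ws-17 svchost.exe 198.51.100.5:443 2048
2019-04-02T10:03:40 ws-17 invoice_viewer.exe 198.51.100.77:80 7340032
2019-04-02T10:04:00 ws-17 chrome.exe 203.0.113.10:443 51000
2019-04-02T10:04:30 ws-17 backup_agent.exe 192.0.2.9:443 52428800
2019-04-02T10:04:31 ws-17 backup_agent.exe 192.0.2.9:443 52428800
"""

LARGE_BYTES = 1_000_000  # assumed threshold; tune to the environment


def parse_lines(text):
    """Parse whitespace-separated log lines into dicts; skips blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, sent = line.split()
        records.append({"ts": ts, "host": host, "proc": proc,
                        "dest": dest, "bytes": int(sent)})
    return records


def flag_single_large_uploads(records, threshold=LARGE_BYTES, known_bulk=()):
    """Return (host, proc, dest, bytes) for every process that made exactly one
    outbound connection on a host and sent more than `threshold` bytes on it.

    A process that talks to the network many times (a browser, a backup agent)
    is not flagged; a one-shot uploader of several megabytes is, unless it is
    listed in `known_bulk` as an expected bulk uploader.
    """
    per_proc = defaultdict(list)
    for r in records:
        per_proc[(r["host"], r["proc"])].append(r)

    hits = []
    for (host, proc), conns in per_proc.items():
        if proc in known_bulk:
            continue
        if len(conns) == 1 and conns[0]["bytes"] > threshold:
            hits.append((host, proc, conns[0]["dest"], conns[0]["bytes"]))
    return hits


if __name__ == "__main__":
    for host, proc, dest, nbytes in flag_single_large_uploads(parse_lines(SAMPLE_LOG)):
        print(f"{host}: {proc} sent {nbytes} bytes to {dest} in a single connection")
```

In the constructed sample only `invoice_viewer.exe` is reported: it appears once and pushes about 7 MB to a single destination, while the browser and backup agent make repeated connections and are left alone. In practice the threshold and the allow-list of expected bulk uploaders would be tuned per environment, and a hit is a lead for triage, not a verdict.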
Now for the good news – if there is any. Baldr is non-persistent and does not include a spreading mechanism, meaning it targets each victim individually and does not attempt to spread across the network to additional devices.