Sophos, the British security software and hardware company, has issued a warning regarding a new threat: a sophisticated piece of malware called Baldr, which is distributed via purported cheats for Fortnite, Apex Legends, and CS:GO.
Baldr is presented as a tool that allows players to gain an unfair advantage in these online games, but in reality it allows its purchasers and its creators to engage in identity theft.
The Trojan was first observed in January 2019, on sale via Russian cybercrime-related forums. By February it was found to be distributed more widely, and its methods of stealing identity-related information diversified as it became more widespread.
The main means of spreading the tool, and therefore of stealing users' identities, is YouTube. Sophos said that “These videos were used to advertise tools that purport to give online game players one or more abilities to cheat in games such as Counter-Strike: Global Offensive or Apex Legends. The video details often contained a link that a viewer could use to download the tool. We also saw download links distributed in gaming-specific channels on both the Discord and Telegram chat services.”
YouTube, Discord, and Telegram aren’t the only means of distributing Baldr to unsuspecting users, however. Sophos goes on to explain that “In addition to these distribution methods, we found instances where we found Baldr malware included with pirated versions of games offered for illicit download, as well as bundled along with maliciously modified installers of otherwise legitimate cryptocurrency miner software.”
At the time of writing, the development of further permutations of Baldr may have ceased, as “the main developer and the principal distributor seem to have had a (somewhat public) falling out”. That said, we would always advise caution online: if something seems too good to be true, it probably is.