• Baldr can steal system information and browser details such as browser history, cookies, stored passwords, system files, and user data.
  • The malware can steal an entire file’s data and bulk transfer the stolen data to its C&C server.

What is the issue: A new info-stealer malware dubbed Baldr, first spotted on underground forums in January 2019, is now being seen in the wild.

What are its capabilities?

  • Baldr can steal system information and browser details such as browser history, stored passwords, system files, and user data.
  • The info-stealer malware is capable of stealing .doc, .docx, .log, and .txt files.
  • The malware can steal an entire file’s data and send it back to its C&C server.
  • It can scan for cryptocurrency wallets, VPNs, Telegram, and Jabber.
  • It can bulk transfer the stolen data to its C&C server.
  • It can also grab screenshots of victims' systems.
  • Baldr allows attackers to view infection statistics and retrieve stolen data.

Worth noting

Baldr malware is distributed via malicious apps, malicious software disguised as hacking tools, and a fake bitcoin miner. Once installed on a device, it starts stealing data immediately but establishes no persistence mechanism afterwards. The stolen data transferred to the C&C server is not obfuscated.

“Because such stealers are often non-resident (meaning they have no persistence mechanism) unless they are detected at the time of the attack, victims will be none-the-wiser that they have been compromised,” researchers described in a blog.

Cyware Publisher
