Hundreds of players of FPS games such as Apex Legends infected with malware via cheat tools, personal information stolen
Security company Sophos has reported that, since February 2019, users who downloaded cheat tools for popular first-person shooters such as Apex Legends and Counter-Strike: Global Offensive (CSGO) have been infected with malware.
Microsoft Word-Baldr vs The World-TLP Amber.docx
Hundreds Of Players Trying To Cheat At Apex Legends And Counter-Strike Get Their Private Data Stolen
Users who use cheat tools, such as aim correction, to beat opponents may be infected with malware named "Baldr" that steals personal and financial information. From the infected user's PC, Baldr steals personal information, credit card information, login information for shopping services such as Amazon and PayPal, and login information for services such as Battle.net, Steam, and Epic Games.
The figure below shows the domains of the services whose login information Baldr stole. The larger the text, the more users had their login information for that service stolen. It shows that the list includes not only game-related services such as mojang.com, epicgames.com, and twitch.tv, but also major IT services such as google.com and facebook.com, and shopping services such as amazon.com, ebay.com, and paypal.com.
According to Sophos, 'Baldr steals credentials, cookies, and cacheable data that can be resold in a matter of seconds.'
The information that Baldr stole from users' PCs also appears to have been sold on the dark web. Sophos security researcher Albert Zsigovits told Kotaku, an overseas gaming news outlet, 'What we noticed is Baldr's ability to quickly steal sensitive information and let the victim's credentials flow seamlessly onto the web.'
According to Zsigovits, Sophos tracks around 500-600 Baldr
The following pie chart shows the share, by country, of Baldr-infected PCs detected by Sophos: Indonesia (21.85%), Brazil (14.14%), Russia (13.68%), America (10.52%), India (8.77%), Germany (5.43%), France (3.89%), Vietnam (3.83%), Canada (3.62%), Netherlands (3.59%), and Australia (1.43%).
Baldr appears to have been bundled with the CSGO cheat tool "CSGO Aimbot + Wallhack" and the Apex Legends cheat tool "Apex Legends New Cheat 0.2.1". It has been confirmed that these cheat tools are linked mainly from the description fields of YouTube videos that promote cheating. For example, one video available on YouTube at the time this article was written distributes a cheat tool from its comment section, and the replies show "Thank you" comments from users who downloaded the cheat tool.
It has also been confirmed that some users of the tools advertise them to other users on services such as Twitch and Discord.
Baldr's activity appears to have peaked in May 2019, but their credentials are not selling well on the dark web. 'But Baldr itself is still breaching data,' Zsigovits said. 'Cybercriminals who purchased this malware before Baldr disappeared can still use it.'