Since February, a number of would-be cheaters in Apex Legends and Counter-Strike: Global Offensive who set out to download cheats have instead infected their computers with malware that steals identifying information, the security company Sophos has found.
First-person shooter players hoping to gain an advantage over their opponents saw their personal and financial information siphoned off and sold for months, according to a Sophos report released last week. The malware, named Baldr by its creator, effectively extracted sensitive data from infected users: credit card information; login credentials for purchasing services such as Amazon and PayPal; account credentials for Battle.net, Steam and Epic Games; and identity information. According to Sophos, its job was "to scrape and steal all identifying information, cookies or cached data of resalable value in seconds". Baldr was buried in a group of cheats with names such as "CSGO Aimbot + Wallhack" and "Apex Legends New Cheat 0.2.1," the security researcher said.
Once the data is acquired, Baldr operators can sell it on dark web markets. "What caught our attention is Baldr's ability to quickly steal identities and transparently filter victims' credentials. Baldr was incredibly efficient in breaking in, capturing everything and leaving in a hurry," said Albert Zsigovits, threat researcher at Sophos, via e-mail.
Zsigovits said he monitored 500 to 600 international cases of the malware, with the majority of cases in Indonesia, Brazil, Russia, and the United States. Advertisements for the malware-infected cheat software appeared primarily on YouTube, in the descriptions of videos promoting cheats. Its promoters have also advertised it in Twitch chats and on Discord servers.
The malware's popularity peaked in May. But, says Zsigovits, "it continues to wreak havoc, although sales on dark forums are fewer. Cyber criminals who bought Baldr before it disappeared can still use the malware, and they are."