Cheating is one of the biggest problems that gamers and gaming companies face. Cheating seems lucrative in multiplayer games where players can get an edge over opponents. This leads a lot of people to download cheats to use in multiplayer games. And it seems that hackers were counting on this and released a new malware that targets cheaters. The new malware called Baldr which steals gaming account passwords and sensitive account details of affected users. This malware started doing the rounds from early this year. It has mainly been transmitted through the cheating software that were promoted on YouTube. Also Read - Android app offering free Netflix may steal your WhatsApp dataAlso Read - Apex Legends to soon get private match feature, 'cool stuff' from Titanfall
Potential cheaters often refer to YouTube videos to get cheats. And these are often juveniles and not adults who understand the risks. Digital security firm Sophos, said in an analysis, “These videos were used to advertise tools that purport to give online game players one or more abilities to cheat in games such as Counter-Strike: Go or Apex Legends. The video details often contained a link that a viewer could use to download the tool. We also saw download links distributed in gaming-specific channels on both the Discord and Telegram chat services.” Also Read - Fortnite Season 6 brings new primal theme with Lara Croft, Neymar skin
New Malware: Targets
Popular multiplayer games like Apex Legends, Fortnite, and Counter Strike Global Offensive are prime targets. Baldr is capable of stealing credit card numbers, login credentials for gaming sites and other online platforms, as well as other personal information. And it all seems like the perfect plot because cheating in competitive games in a crime. Criminals being targeted in a crime makes it easy.
“In addition to these distribution methods, we found instances where we found Baldr malware included with pirated versions of games offered for illicit download, as well as bundled along with maliciously modified installers of otherwise legitimate cryptocurrency miner software,” explains the Sophos blog.
The origin of the virus is unclear, and has affected large number of users. These include countries like Brazil, Russia, Indonesia, Singapore, and the US. But researchers have found that there is an option in the malware to not attack users in Russia. The Telegraph notes that this could mean that it is of Russian origin. This is because it is a criminal offence in Russia to hack domestic targets.
Sophos has now claimed that Baldr is now moving from stealing in-game currencies to stealing Netflix passwords. These are then being sold on the dark web. So it seems that the cheaters are being cheated and not just in games. Baldr just needs the software to be installed once and it packages all the information and sends it over to the host.