Sophos: Baldr malware targets PC gamers to gain entry to other computers

Baldr malware went missing in June after an internal rift among the cybercriminals behind it. Sophos, a network and endpoint security firm, expects it to make a comeback at any time, guessing that it may return under a different name.

In its threat research report titled “Baldr vs the World,” the cybersecurity company reveals that the malware’s primary targets are PC gamers, who serve as an entry point to other computers. Baldr’s developers were able to sell the malware on the Deep Web, with “entry-level” cybercriminals seizing the opportunity and targeting primarily PC gamers.

(The Deep Web is a middle ground between the surface web, where ordinary internet users browse, and the Dark Web, where cybercriminals are believed to lurk. Since the Dark Web is harder to access, cybercriminals sometimes sell their malware on the Deep Web to reach a broader audience, including rookie cybercriminals looking for a quick cyberbuck. SophosLabs believes this was the intention of the Baldr developers.)

Baldr, like many types of malware, uses code fragments borrowed from other malware families. However, Baldr goes further and reuses whole sections duplicated from other malware. In effect, it pieces the gathered code together into a single dangerous program, or, as the report puts it, a “Frankenstein’s monster of code snippets.”

One reason computer users should be aware of Baldr is that it can quickly ransack a wide range of information from its victims, including saved passwords, cached data, configuration files, cookies, and other files, from a wide variety of applications.


SophosLabs has tracked infections worldwide, including in these countries:

  • Indonesia (more than 21% of the victim population)
  • United States (10.52%)
  • Brazil (14.14%)
  • Russia (13.68%)
  • India (8.77%)

“Whether Baldr was a flash-in-the-pan that quickly peaked and then fell victim to a squabble among cyberthieves or will return as a long-term threat, remains to be seen,” said Albert Zsigovits, threat researcher, SophosLabs in Hungary. “However, its very existence is a good reminder that even stolen bits of malware code stitched together to create a ‘Frankenstein-like malware monster’ can be incredibly effective at bursting in, grabbing everything and rushing out again. The only way to stop such threats is with basic, but essential security practices that include using up-to-date security software.”

Hardcore gamers are known to use top-of-the-line systems on which they install custom tools, utilities, and applications. This makes them vulnerable to malware infection, especially if they do not use adequate security tools. Also, utilities that enable “cheats” often use common malware techniques such as DLL injection or modifying or injecting code in memory, which leads to system instability and further degrades the game experience.

“Even though Baldr is currently off the deep market, it can still be used by cybercriminals who had previously purchased it and is still a potential threat,” said Zsigovits. “In general, PC gamers and all computer users should be wary of malware and take steps to protect their systems with security software, which scans gaming software and cheats.”

In order to protect their network against Baldr, Sophos advises users to be more cautious about clicking on too-good-to-be-true online advertisements, which may deliver the malware. Businesses can use an enterprise security solution that detects malware, such as Sophos Intercept X, which also protects against ransomware. Sophos Home is ideal for scanning gaming and family computers to detect Baldr and other malware.

Sophos Home deploys a layered security approach, combining behavioral detection, advanced exploit protection, anti-virus and AI-based static detection that work in tandem to protect gamers. Additionally, Sophos Home protects file transfers from questionable gaming sites and servers by analyzing network traffic to detect malicious traffic and by scanning downloaded files in real-time as they are written to the file system. Combined with protection from phishing sites and remote management features, Sophos Home provides a well-rounded approach to protection that is an ideal security choice for gamers.

Lastly, all computer users need to be smart about passwords. Use complex passwords and change them frequently, use unique, one-of-a-kind passwords for banking and other financial online accounts, and monitor accounts for suspicious activity.