2019-11-30, 10:00–10:30, Dachsaal
In January 2019, SophosLabs discovered a new family of credential-stealing malware, calling itself Baldr, being marketed on message boards used to advertise malware. In a short period of time, the developer of Baldr shipped a significant number of improvements and updates, including two major releases. Baldr's sales grew rapidly, and within a few months it had more than 200 criminal customers using it to steal valuable credentials, mainly from video game players, who were the most frequently targeted victims. In this talk, we will discuss the mechanism by which Baldr performs its tasks, how the malware is marketed and promoted, and some of the vulnerabilities in its command-and-control panel, which have allowed other criminals to take over its C2 servers.