The rise and fall of Baldr: Frankeinstein's malware enjoys a wild ride
11-30, 10:00–10:30 (Europe/Vienna), Dachsaal

In January, 2019, SophosLabs discovered a new family of credential stealing malware that called itself Baldr was being marketed on message boards used to advertise malware. In a short period of time, the developer of Baldr made a significant number of improvements and updates, including two major releases. Baldr enjoyed a rapid growth in sales and within a few months, had more than 200 criminal customers who were using it to steal valuable credentials, mainly from video game players, who were the most frequently targeted victims. In this talk, we will discuss the mechanism by which Baldr performs its tasks, how the malware markets and promotes itself, and some of the vulnerabilities in its command-and-control panel, which has allowed other criminals to take over its C2 servers.

Albert works as a Threat Researcher at Sophos.

He joins us from a traditional blue team background, kickstarting his cyber career analyzing security events as an IDS analyst, and later investigating breaches as an incident responder for a Fortune 50 company.

His specialities include threat hunting, memory forensics and signature development. In his spare-time he enjoys reverse engineering malware and diving deep into deep-web territories, connecting the dots between criminals leveraging threat intelligence and open source intelligence techniques.