New Grab-and-Go Stealer Is Making Waves

[silversurfer]

Researchers suspect that a new stealer malware dubbed Baldr, first detected in January, has incorporated three known threat actors, according to Malwarebytes.
 
In today's blog post, researchers said that Baldr has earned positive reviews on Russian hacking forums for its use of three threat actors: Agressor for distribution, Overdot for sales and promotion and LordOdin for development. However, it’s not only among Russian hackers that the new malware is making waves.
 
“In our analysis of Baldr, we collected a few different versions, indicating that the malware has short development cycles. The latest version analyzed for this post is version 2.2, announced March 20,” wrote researchers William Tsing, Vasilios Hioureas, and Jérôme Segura.
 
Typically, banking Trojans need a user to log into their bank’s website, but these grab-and-go stealers are different from traditional banking Trojans because they are largely able to steal information without the victims realizing they’ve been compromised.
 
“This means that upon infection, the malware will collect all the data it needs and exfiltrate it right away. Because such stealers are often non-resident (meaning they have no persistence mechanism) unless they are detected at the time of the attack, victims will be none-the-wiser that they have been compromised,” researchers wrote.

SOURCE: https://www.infosecurity-magazine.com/ne...is-making/