
Apex Legends cheaters have personal info stolen by malware

In an unexpected twist, several Apex Legends and Counter-Strike: Global Offensive players attempting to download cheats have exposed their personal information to Baldr, a piece of credential-stealing malware.

According to a report published by cyber security company Sophos, hundreds of users have infected their computers with the malware since February. Sophos discovered Baldr hidden inside cheats with names such as "Apex Legends New Cheat 0.2.1." Baldr's creator targeted gamers via YouTube videos, advertisements, and game-specific channels like Discord and Telegram. Sophos also found Baldr camouflaged within pirated games and modified cryptocurrency miner software.

"At its most fundamental level, Baldr functions as a tool to profile a victim's computer, and steal as much valuable data as quickly as possible," explains the report. "Baldr can scrape the saved passwords, cookies, and other information from at least 22 different web browsers and will relieve you of your hard-won cryptocurrency if you use one of 14 wallets the malware is capable of raiding."

Baldr completes these scrapes in a matter of seconds, retrieving credit card information, identity information, and login credentials for services like Amazon, Steam, Epic Games, and PayPal. Baldr operators then sell this data on the dark web. Sophos threat researcher Albert Zsigovits has tracked between 500 and 600 incidents of the malware internationally, with the majority centered in Indonesia, Brazil, Russia and the United States.

Though Baldr's popularity has fallen in recent months, it still poses a threat, bringing to mind the old adage that "cheaters never prosper." According to Sophos, the malware's main developer and its distributor had a falling out, with the distributor dropping Baldr as a product for sale. Sophos expects Baldr to re-emerge soon, possibly under a different name. The malware "continues to wreak havoc," Zsigovits told Kotaku. "The cybercriminals who bought Baldr before it disappeared can still use the malware, and they are."