Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules.

An unsealed criminal complaint says U.S. investigators used public evidence from various online platforms to identify a Russian national as the alleged creator of the Redline malware.

Gamers searching for game cheats are falling victim to a global malware campaign delivering RedLine Stealer.

Redline Dropped Through MSIX Package, Author&colon

On February 27, 2023, a “The Sandbox” employee was compromised, resulting in sending malspam which introduced them to “PureLand”. It leads to a RedLine Stealer and an unknown stealer for macOS. A…

Key Findings:

• The use of Microsoft OneNote documents to deliver malware via email is increasing.
• Multiple cybercriminal threat actors are using OneNote documents to deliver malware.
• While some campaigns are targeted at specific industries, most are broadly targeted and include thousands of messages.
• In order to detonate the payload, an end-user must interact with the OneNote document.
• Campaigns have impacted organizations globally, including North America and Europe.
• TA577 returned from a month-long hiatus in activity and began using OneNote to deliver Qbot at the end of January 2023.

Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results.

RedLine is an information stealer which operates on a MaaS (malware-as-a-service) model. This stealer is available on underground forums, and priced according to users' needs.

2K Games Support System was hacked by an unknown hacker group targeting gamers via a fake user ticketing system.

An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers. It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.

RedLine is a stealer distributed as cracked games, applications, and services. The malware steals information from web browsers, cryptocurrency wallets, and applications such as FileZilla, Discord, Steam, Telegram, and VPN clients. The binary also gathers data about the infected machine, such as the running processes, antivirus products, installed programs, the Windows product name, the processor architecture, etc. The stealer implements the following actions that extend its functionality: Download, RunPE, DownloadAndEx, OpenLink, and Cmd. The extracted information is converted to the XML format and exfiltrated to the C2 server via SOAP messages.