Saturday, December 28, 2024
HomeCyber Security NewsRedLine Malware Takes Lead in Hijacking Over 170M+ Passwords in 6 Months

RedLine Malware Takes Lead in Hijacking Over 170M+ Passwords in 6 Months

Published on

SIEM as a Service

The cybersecurity landscape has been shaken by the discovery that a single piece of malware, known as RedLine, has stolen over 170 million passwords in the past six months.

This alarming statistic has placed RedLine at the forefront of cyber threats, accounting for nearly half of all stolen credentials analyzed during this period.

Darren James, the Senior Product Manager at Specops, commented on the research outcomes, stating:

- Advertisement - SIEM as a Service

“It’s quite remarkable that a single strain of malware has been implicated in the theft of almost 50% of the passwords we’ve examined.

Document

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Our analysis reveals that Redline malware has emerged as the preferred tool among hackers for password theft, amassing an astonishing 170 million compromised credentials within six months.”

Specopssoft has released a report outlining the most commonly used malware techniques hackers employ to steal user passwords.

most popular credential thieves
most popular credential thieves

Top three password-stealing malware:

Redline: The Premier Password Pilferer

Overview and Discovery
Redline, identified in March 2020, has quickly become a highly favored tool among cybercriminals for its proficiency in extracting personal information.

Its primary objective is to siphon off credentials, cryptocurrency wallets, and financial data and subsequently upload this stolen information to the malware’s command-and-control (C2) infrastructure.

Redline often comes bundled with a cryptocurrency miner, targeting gamers with high-performance GPUs for deployment.

According to a recent tweet by ImmuniWeb, Redline malware has been identified as the primary credential stealer over the past six months.

Distribution Techniques

The malware employs diverse distribution methods, with phishing campaigns taking the lead.

Cybercriminals have adeptly utilized global events, such as the COVID-19 pandemic, as bait to entice unsuspecting individuals into downloading Redline.

From mid-2021, an innovative approach involving YouTube has been observed:

  • Initially, a Google/YouTube account is compromised by the threat actor.
  • The attacker creates various channels or uses existing ones to post videos.
  • These videos, often promoting gaming cheats and cracks, include malicious links in their descriptions, cleverly tied to the video’s theme.
  • Unsuspecting users clicking these links inadvertently download Redline, leading to the theft of their passwords and other sensitive information.

Vidar: The Evolving Threat

Genesis and Operation
Vidar, a sophisticated evolution of the Arkei Stealer, scrutinizes the language settings of infected machines to selectively target or exclude specific countries.

It initializes necessary strings and generates a Mutex for its operation.

Vidar is available in two versions: the original, Vidar Pro, and a cracked version known as Anti-Vidar, distributed through underground forums.

Distribution Channels

In early 2022, Vidar was detected in phishing campaigns disguised as Microsoft Compiled HTML Help (CHM) files.

It has also been distributed via various malware services and loaders, including PrivateLoader, the Fallout Exploit Kit, and the Colibri loader.

By late 2023, the GHOSTPULSE malware loader was observed as a new distribution method for Vidar.

Raccoon Stealer: Malware-as-a-Service

Introduction and Sales Model

Raccoon Stealer, first seen on the cybercriminal market in April 2019, operates on a malware-as-a-service model.

This allows cybercriminals to rent the stealer every month.

It debuted on the prominent Russian-language forum Exploit, boasting the slogan “We steal, You deal!”

Market Presence

The malware has been primarily marketed on Russian-language underground forums, including Exploit and WWH-Club.

In October 2019, it expanded its reach to the English-speaking segment of the cybercriminal underworld via Hack Forums.

The promoters of Raccoon Stealer occasionally offer “test weeks,” suggesting that potential customers can try the product before making a purchase.

The research underscores the risks associated with password reuse, a familiar yet dangerous practice.

Even with robust password policies, reused passwords can be compromised on insecure sites and devices, posing a significant threat to organizational security.

Studies by Bitwarden and LastPass have highlighted the prevalence of password reuse despite widespread awareness of its risks.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a...

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated...

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms...

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a...

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated...

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms...