Friday, November 1, 2024
HomeCyber Security NewsRedLine and META Infostealers Infrastructure Seized by Authorities

RedLine and META Infostealers Infrastructure Seized by Authorities

Published on

Malware protection

An international coalition led by the U.S. Department of Justice has dismantled the infrastructure behind the notorious RedLine and META infostealers.

These malware variants have plagued millions of computers worldwide, stealing sensitive information and facilitating further cybercriminal activities.

Operation Magnus was a joint effort involving the US Department of Justice, FBI, Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army Criminal Investigation Division.

- Advertisement - SIEM as a Service

It collaborated with international partners through the Joint Cybercrime Action Taskforce (JCAT), supported by Europol.

The operation successfully seized domains, servers, and Telegram accounts used by the administrators of RedLine and META.

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

RedLine and META Infostealers

Infostealers like RedLine and META are designed to extract valuable data from victims’ computers, including usernames, passwords, financial details, system information, cookies, and cryptocurrency accounts.

This stolen data, often called “logs,” is sold on cybercrime forums and used for further fraudulent activities.

RedLine has been particularly notorious for enabling cybercriminals to bypass multi-factor authentication by stealing cookies.

RedLine and META operate under a decentralized Malware as a Service (MaaS) model.

Affiliates purchase licenses to use the malware and launch their campaigns through malvertising, email phishing, fraudulent software downloads, and malicious software sideloading.

These infostealers have been distributed using various schemes, including COVID-19 and Windows update ruses.

Law enforcement agencies have collected extensive victim log data from computers infected with these infostealers.

While the total amount of stolen data is still being assessed, millions of unique credentials have been identified.

The U.S. has unsealed a warrant from the Western District of Texas authorizing the seizure of two domains used for command and control by RedLine and META.

In conjunction with the disruption efforts, charges have been filed against Maxim Rudometov, believed to be one of RedLine’s developers and administrators.

He faces charges including access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, Rudometov could face significant prison time.

The FBI Austin Cyber Task Force is leading the investigation with support from various agencies. Assistant U.S. Attorney G. Karthik Srinivasan is prosecuting the case with assistance from international partners.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...