Cyber Security News

RedLine and META Infostealers Infrastructure Seized by Authorities

An international coalition led by the U.S. Department of Justice has dismantled the infrastructure behind the notorious RedLine and META infostealers.

These malware variants have plagued millions of computers worldwide, stealing sensitive information and facilitating further cybercriminal activities.

Operation Magnus was a joint effort involving the US Department of Justice, FBI, Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army Criminal Investigation Division.

It collaborated with international partners through the Joint Cybercrime Action Taskforce (JCAT), supported by Europol.

The operation successfully seized domains, servers, and Telegram accounts used by the administrators of RedLine and META.

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

RedLine and META Infostealers

Infostealers like RedLine and META are designed to extract valuable data from victims’ computers, including usernames, passwords, financial details, system information, cookies, and cryptocurrency accounts.

This stolen data, often called “logs,” is sold on cybercrime forums and used for further fraudulent activities.

RedLine has been particularly notorious for enabling cybercriminals to bypass multi-factor authentication by stealing cookies.

RedLine and META operate under a decentralized Malware as a Service (MaaS) model.

Affiliates purchase licenses to use the malware and launch their campaigns through malvertising, email phishing, fraudulent software downloads, and malicious software sideloading.

These infostealers have been distributed using various schemes, including COVID-19 and Windows update ruses.

Law enforcement agencies have collected extensive victim log data from computers infected with these infostealers.

While the total amount of stolen data is still being assessed, millions of unique credentials have been identified.

The U.S. has unsealed a warrant from the Western District of Texas authorizing the seizure of two domains used for command and control by RedLine and META.

In conjunction with the disruption efforts, charges have been filed against Maxim Rudometov, believed to be one of RedLine’s developers and administrators.

He faces charges including access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, Rudometov could face significant prison time.

The FBI Austin Cyber Task Force is leading the investigation with support from various agencies. Assistant U.S. Attorney G. Karthik Srinivasan is prosecuting the case with assistance from international partners.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

14 hours ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

14 hours ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

14 hours ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

14 hours ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

2 days ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

2 days ago