The cybersecurity landscape has been shaken by the discovery that a single piece of malware, known as RedLine, has stolen over 170 million passwords in the past six months.
This alarming statistic has placed RedLine at the forefront of cyber threats, accounting for nearly half of all stolen credentials analyzed during this period.
Darren James, the Senior Product Manager at Specops, commented on the research outcomes, stating:
“It’s quite remarkable that a single strain of malware has been implicated in the theft of almost 50% of the passwords we’ve examined.
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :
AcuRisQ, that helps you to quantify risk accurately:
Specopssoft has released a report outlining the most commonly used malware techniques hackers employ to steal user passwords.
Overview and Discovery
Redline, identified in March 2020, has quickly become a highly favored tool among cybercriminals for its proficiency in extracting personal information.
Its primary objective is to siphon off credentials, cryptocurrency wallets, and financial data and subsequently upload this stolen information to the malware’s command-and-control (C2) infrastructure.
Redline often comes bundled with a cryptocurrency miner, targeting gamers with high-performance GPUs for deployment.
According to a recent tweet by ImmuniWeb, Redline malware has been identified as the primary credential stealer over the past six months.
Distribution Techniques
The malware employs diverse distribution methods, with phishing campaigns taking the lead.
Cybercriminals have adeptly utilized global events, such as the COVID-19 pandemic, as bait to entice unsuspecting individuals into downloading Redline.
From mid-2021, an innovative approach involving YouTube has been observed:
Genesis and Operation
Vidar, a sophisticated evolution of the Arkei Stealer, scrutinizes the language settings of infected machines to selectively target or exclude specific countries.
It initializes necessary strings and generates a Mutex for its operation.
Vidar is available in two versions: the original, Vidar Pro, and a cracked version known as Anti-Vidar, distributed through underground forums.
Distribution Channels
In early 2022, Vidar was detected in phishing campaigns disguised as Microsoft Compiled HTML Help (CHM) files.
It has also been distributed via various malware services and loaders, including PrivateLoader, the Fallout Exploit Kit, and the Colibri loader.
By late 2023, the GHOSTPULSE malware loader was observed as a new distribution method for Vidar.
Introduction and Sales Model
Raccoon Stealer, first seen on the cybercriminal market in April 2019, operates on a malware-as-a-service model.
This allows cybercriminals to rent the stealer every month.
It debuted on the prominent Russian-language forum Exploit, boasting the slogan “We steal, You deal!”
Market Presence
The malware has been primarily marketed on Russian-language underground forums, including Exploit and WWH-Club.
In October 2019, it expanded its reach to the English-speaking segment of the cybercriminal underworld via Hack Forums.
The promoters of Raccoon Stealer occasionally offer “test weeks,” suggesting that potential customers can try the product before making a purchase.
The research underscores the risks associated with password reuse, a familiar yet dangerous practice.
Even with robust password policies, reused passwords can be compromised on insecure sites and devices, posing a significant threat to organizational security.
Studies by Bitwarden and LastPass have highlighted the prevalence of password reuse despite widespread awareness of its risks.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The xattr command in Unix-like systems allows for the embedding of hidden metadata within files,…
ProjectSend, an open-source file-sharing web application, has become a target of active exploitation following the…
NVIDIA has released a critical security update addressing a significant vulnerability in its Unified Fabric…
Fukui Prefectural Police have indicted a 15-year-old junior high school student from Saitama Prefecture for…
GitLab, a widely used platform for DevOps lifecycle management, has released critical security updates for…
Cebu-based entrepreneur Brian Christopher Aguilar has emerged as a notable figure in the cryptocurrency sector,…