Law Enforcement Operation Targets Information Thieves

In a massive international effort, the U.S. Department of Justice, the Federal Bureau of Investigation, and multiple global law enforcement agencies unveiled “Operation Magnus,” targeting RedLine Stealer and META, two of the world’s most notorious information-stealing malware networks.

According to a press release published on October 29, the operation led to the takeover of multiple servers, the unsealing of charges against the developer of RedLine Stealer, and the arrest of two suspects in Belgium.

RedLine and META information stealers

RedLine Stealer and META are two distinct malware families, known as “information stealers” or “infostealers,” designed to capture sensitive user data. RedLine Stealer was first reported in 2020; META first appeared in 2022.

One report on the META malware revealed that its development was initially based on parts of RedLine Stealer’s source code obtained through a sale. Both malware families can steal sensitive information from infected computers, such as:

  • Usernames and passwords for online services, including email accounts.
  • Financial information such as credit card numbers or bank accounts.
  • Session cookies to impersonate users in online services.
  • Cryptocurrency wallets.


Both malware families provide the ability to bypass multi-factor authentication. Stolen information can be used by the malware’s operator or sold as files called “logs” on underground cybercrime forums or marketplaces.

RedLine Stealer and META infected millions of computers worldwide and stole even more credentials. Specops Software, a company focused on password security, reported that RedLine Stealer captured more than 170 million passwords in just six months, while META stole 38 million passwords in the same period.

RedLine Stealer has also been used to break into large companies, according to the DOJ press release.

Malware as a Service (MaaS) business model

Both malware families are sold under the Malware-as-a-Service business model, in which cybercriminals purchase a license to use variants of the malware and then launch their own infection campaigns. Infection vectors include malicious email, malvertising, fake software downloads and installers, and instant messaging. Different cybercriminals have used a variety of social engineering lures, including fake Windows updates, to infect victims.

2023 Stats Panel for RedLine Stealer. Image: Flare.io

Multiple servers and communication channels taken down

A warrant issued by the Western District of Texas authorized law enforcement to seize two command-and-control domains used by RedLine Stealer and META.

Both domains now display content related to the operation.

New page for RedLine Stealer and META hijacked C2 servers. Image:TechRepublic

Three servers were taken down in the Netherlands, and several RedLine Stealer and META communication channels were closed by Belgian authorities.

Additionally, a website informs victims about Operation Magnus and offers them support. A video featured on the website sends a strong message to cybercriminals using RedLine or META, revealing a list of aliases said to be VIPs (“Very Important to the Police”) and ending with a picture of handcuffs and the message: “We look forward to seeing you soon.”

The website also offers an online scanner for RedLine/META infections provided by cybersecurity company ESET.

The U.S. Department of Justice also unsealed charges against Maxim Rudometov, one of the developers and administrators of the RedLine Stealer malware, who regularly accessed and managed its infrastructure. Rudometov is also associated with various cryptocurrency wallets used to receive and launder payments from RedLine customers.

Of the two other people detained in Belgium, one has been released; no further details were made public.

How to protect against information stealers

Information stealers can infect computers in numerous ways; therefore, all systems and software must be kept updated and patched to prevent infections that exploit common vulnerabilities.

Additionally, companies can protect themselves from cybercriminals by:

  • Deploying security software and antivirus on all systems.
  • Deploying multi-factor authentication, which adds a protective layer for services that require authentication.
  • Changing all passwords if a system is compromised. This should be done as soon as the stealer has been removed from the system.

Additionally, users should never reuse the same password across different services. Using a password manager with a unique, complex password for each service or tool is highly effective and should be mandatory in organizations.

Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.