In a sweeping worldwide effort, the U.S. Division of Justice, Federal Bureau of Investigation, and a number of international regulation enforcement businesses have uncovered “Operation Magnus,” focusing on two of the world’s most infamous information-stealing malware networks, RedLine Stealer and META.
In line with a press launch printed on Oct. 29, the operation led to the seizure of a number of servers, the unsealing of costs towards a RedLine Stealer developer, and the arrest of two suspects in Belgium.
RedLine and META info stealers
RedLine Stealer and META are two distinct kinds of malware referred to as “info stealers,” or “infostealers,” designed to seize delicate person knowledge. The existence of RedLine Stealer was initially reported in 2020, whereas META first appeared in 2022.
In an interview, a consultant of the META malware revealed that its improvement initially relied on parts of RedLine Stealer’s supply code, which had been acquired via a sale. Each malware are able to stealing delicate info from contaminated computer systems, reminiscent of:
- Usernames and passwords for on-line providers, together with e-mail containers.
- Monetary info reminiscent of bank card numbers or banking accounts.
- Session cookies to impersonate customers on on-line providers.
- Cryptocurrency wallets.
SEE: Find out how to Create an Efficient Cybersecurity Consciousness Program (TechRepublic Premium)
Each malware additionally present the potential to bypass multi-factor authentication. The stolen info can be utilized by the controller of the malware however may also be offered as recordsdata known as “logs” in underground cybercriminal boards or marketplaces.
RedLine Stealer and META have contaminated tens of millions of computer systems worldwide — and have stolen much more credentials. Specops Software program, an organization centered on password safety, reported that RedLine Stealer captured greater than 170 million passwords in solely six months, whereas META stole 38 million passwords throughout that very same interval.
RedLine Stealer has additionally been used to conduct intrusions towards main companies, in line with the DOJ press launch.
Malware-as-a-Service (MaaS) enterprise mannequin
Each malware households are offered via a Malware-as-a-Service enterprise mannequin, the place cybercriminals buy a license to make use of variants of the malware after which launch their very own infecting campaigns. This may be carried out through infecting emails, malvertising, fraudulent software program downloads, malicious software program sideloading, and immediate messaging. Completely different cybercriminals have used varied social engineering lures and methods to contaminate victims, together with faux Home windows updates.
A number of servers, communication channels shut down
A warrant issued by the Western District of Texas licensed regulation enforcement to grab two command and management domains utilized by RedLine Stealer and META.
Each domains now present content material concerning the operation.
Three servers have been shut down within the Netherlands, and a number of other RedLine Stealer and META communication channels have been taken down by Belgian authorities.
Moreover, an internet site about Operation Magnus informs and helps victims. A video proven on the web site sends a powerful message to cybercriminals who’ve used RedLine or META, exposing a listing of nicknames mentioned to be VIPs — “Very Necessary to the Police” — and ends with the picture of handcuffs and a message: “We’re wanting ahead to seeing you quickly!”
The web site additionally gives an internet scanner for RedLine/META infections from cybersecurity firm ESET.
The U.S. DOJ has additionally unsealed costs towards Maxim Rudometov, one of many builders and directors of the RedLine Stealer malware, who frequently accessed and managed the infrastructure. Rudometov can be related to varied cryptocurrency wallets used to obtain and launder funds from RedLine prospects.
Two different people have been additionally taken into custody in Belgium, though one was launched with out additional particulars out there to the general public.
Find out how to defend from info stealers
Info stealers can infect computer systems in myriad methods — which is why all methods and software program should be up to date and patched to forestall an an infection that will leverage a standard vulnerability.
As well as, corporations can defend from cybercriminals by:
- Implementing Safety software program and antivirus on all methods.
- Deploying multi-factor authentication additionally provides a protecting layer of safety for providers needing authentication.
- Altering all passwords if a system is compromised. This should be carried out as quickly because the stealer is faraway from the system.
Additional, customers ought to by no means use the identical password for various providers. Using password managers is extremely environment friendly to make use of a single complicated password for each service or instrument and ought to be necessary in organizations.
Disclosure: I work for Pattern Micro, however the views expressed on this article are mine.
