In a sweeping worldwide effort, the U.S. Division of Justice, the Federal Bureau of Investigation, and a number of international regulation enforcement businesses have uncovered “Operation Magnus,” concentrating on two of the world’s most infamous information-stealing malware networks, RedLine Stealer and META.
In line with a press launch revealed on Oct. 29, the operation led to the seizure of a number of servers, the unsealing of expenses in opposition to a RedLine Stealer developer, and the arrest of two suspects in Belgium.
RedLine and META data stealers
RedLine Stealer and META are two distinct forms of malware generally known as “data stealers,” or “infostealers,” designed to seize delicate consumer knowledge. The existence of RedLine Stealer was initially reported in 2020, whereas META first appeared in 2022.
In an interview, a consultant of the META malware revealed that its growth initially relied on parts of RedLine Stealer’s supply code, which had been acquired by means of a sale. Each malware are able to stealing delicate data from contaminated computer systems, comparable to:
- Usernames and passwords for on-line companies, together with e-mail bins.
- Monetary data comparable to bank card numbers or banking accounts.
- Session cookies to impersonate customers on on-line companies.
- Cryptocurrency wallets.
SEE: Learn how to Create an Efficient Cybersecurity Consciousness Program (TechRepublic Premium)
Each malware additionally present the aptitude to bypass multi-factor authentication. The stolen data can be utilized by the controller of the malware however can be bought as information known as “logs” in underground cybercriminal boards or marketplaces.
RedLine Stealer and META have contaminated hundreds of thousands of computer systems worldwide — and have stolen much more credentials. Specops Software program, an organization centered on password safety, reported that RedLine Stealer captured greater than 170 million passwords in solely six months, whereas META stole 38 million passwords throughout that very same interval.
RedLine Stealer has additionally been used to conduct intrusions in opposition to main firms, in accordance with the DOJ press launch.
Malware-as-a-Service (MaaS) enterprise mannequin
Each malware households are bought by means of a Malware-as-a-Service enterprise mannequin, the place cybercriminals buy a license to make use of variants of the malware after which launch their very own infecting campaigns. This may be performed by way of infecting emails, malvertising, fraudulent software program downloads, malicious software program sideloading, and immediate messaging. Completely different cybercriminals have used varied social engineering lures and methods to contaminate victims, together with faux Home windows updates.
A number of servers, communication channels shut down
A warrant issued by the Western District of Texas licensed regulation enforcement to grab two command and management domains utilized by RedLine Stealer and META.
Each domains now present content material in regards to the operation.
Three servers have been shut down within the Netherlands, and a number of other RedLine Stealer and META communication channels have been taken down by Belgian authorities.
Moreover, a web site about Operation Magnus informs and helps victims. A video proven on the web site sends a robust message to cybercriminals who’ve used RedLine or META, exposing a listing of nicknames stated to be VIPs — “Very Vital to the Police” — and ends with the picture of handcuffs and a message: “We’re trying ahead to seeing you quickly!”
The web site additionally provides an internet scanner for RedLine/META infections from cybersecurity firm ESET.
The U.S. DOJ has additionally unsealed expenses in opposition to Maxim Rudometov, one of many builders and directors of the RedLine Stealer malware, who recurrently accessed and managed the infrastructure. Rudometov can be related to varied cryptocurrency wallets used to obtain and launder funds from RedLine clients.
Two different people have been additionally taken into custody in Belgium, though one was launched with out additional particulars out there to the general public.
Learn how to defend from data stealers
Info stealers can infect computer systems in myriad methods — which is why all techniques and software program should be up to date and patched to forestall an an infection that may leverage a standard vulnerability.
As well as, firms can defend from cybercriminals by:
- Implementing Safety software program and antivirus on all techniques.
- Deploying multi-factor authentication additionally provides a protecting layer of safety for companies needing authentication.
- Altering all passwords if a system is compromised. This should be performed as quickly because the stealer is faraway from the system.
Additional, customers ought to by no means use the identical password for various companies. The usage of password managers is extremely environment friendly to make use of a single complicated password for each service or software and ought to be necessary in organizations.
Disclosure: I work for Pattern Micro, however the views expressed on this article are mine.
