In a sweeping worldwide effort, the U.S. Division of Justice, the Federal Bureau of Investigation, and a number of international regulation enforcement companies have uncovered “Operation Magnus,” concentrating on two of the world’s most infamous information-stealing malware networks, RedLine Stealer and META.
Based on a press launch revealed on Oct. 29, the operation led to the seizure of a number of servers, the unsealing of expenses in opposition to a RedLine Stealer developer, and the arrest of two suspects in Belgium.
RedLine and META data stealers
RedLine Stealer and META are two distinct forms of malware generally known as “information stealers,” or “infostealers,” designed to seize delicate person knowledge. The existence of RedLine Stealer was initially reported in 2020, whereas META first appeared in 2022.
In an interview, a consultant of the META malware revealed that its improvement initially relied on parts of RedLine Stealer’s supply code, which had been acquired by means of a sale. Each malware are able to stealing delicate data from contaminated computer systems, reminiscent of:
- Usernames and passwords for on-line companies, together with e-mail packing containers.
- Monetary data reminiscent of bank card numbers or banking accounts.
- Session cookies to impersonate customers on on-line companies.
- Cryptocurrency wallets.
SEE: How you can Create an Efficient Cybersecurity Consciousness Program (TechRepublic Premium)
Each malware additionally present the potential to bypass multi-factor authentication. The stolen data can be utilized by the controller of the malware however can be bought as recordsdata referred to as “logs” in underground cybercriminal boards or marketplaces.
RedLine Stealer and META have contaminated hundreds of thousands of computer systems worldwide — and have stolen much more credentials. Specops Software program, an organization centered on password safety, reported that RedLine Stealer captured greater than 170 million passwords in solely six months, whereas META stole 38 million passwords throughout that very same interval.
RedLine Stealer has additionally been used to conduct intrusions in opposition to main firms, in keeping with the DOJ press launch.
Malware-as-a-Service (MaaS) enterprise mannequin
Each malware households are bought by means of a Malware-as-a-Service enterprise mannequin, the place cybercriminals buy a license to make use of variants of the malware after which launch their very own infecting campaigns. This may be achieved by way of infecting emails, malvertising, fraudulent software program downloads, malicious software program sideloading, and immediate messaging. Totally different cybercriminals have used varied social engineering lures and tips to contaminate victims, together with pretend Home windows updates.
A number of servers, communication channels shut down
A warrant issued by the Western District of Texas approved regulation enforcement to grab two command and management domains utilized by RedLine Stealer and META.
Each domains now present content material concerning the operation.
Three servers have been shut down within the Netherlands, and several other RedLine Stealer and META communication channels have been taken down by Belgian authorities.
Moreover, a web site about Operation Magnus informs and helps victims. A video proven on the web site sends a robust message to cybercriminals who’ve used RedLine or META, exposing an inventory of nicknames stated to be VIPs — “Very Important to the Police” — and ends with the picture of handcuffs and a message: “We are looking forward to seeing you soon!”
The web site additionally provides a web based scanner for RedLine/META infections from cybersecurity firm ESET.
The U.S. DOJ has additionally unsealed expenses in opposition to Maxim Rudometov, one of many builders and directors of the RedLine Stealer malware, who frequently accessed and managed the infrastructure. Rudometov can be related to varied cryptocurrency wallets used to obtain and launder funds from RedLine prospects.
Two different people have been additionally taken into custody in Belgium, though one was launched with out additional particulars obtainable to the general public.
How you can shield from data stealers
Data stealers can infect computer systems in myriad methods — which is why all methods and software program have to be up to date and patched to forestall an an infection that may leverage a typical vulnerability.
As well as, firms can shield from cybercriminals by:
- Implementing Safety software program and antivirus on all methods.
- Deploying multi-factor authentication additionally provides a protecting layer of safety for companies needing authentication.
- Altering all passwords if a system is compromised. This have to be achieved as quickly because the stealer is faraway from the system.
Additional, customers ought to by no means use the identical password for various companies. The usage of password managers is very environment friendly to make use of a single advanced password for each service or software and ought to be necessary in organizations.
Disclosure: I work for Pattern Micro, however the views expressed on this article are mine.