Redline, Meta infostealer malware operations seized by police

The Dutch Nationwide Police seized the community infrastructure for the Redline and Meta infostealer malware operations in “Operation Magnus,” warning cybercriminals that their information is now within the palms of the regulation enforcement.

Operation Magnus was introduced on a devoted web site that disclosed the disruption of the Redline and Meta operations, stating that authorized actions primarily based on the seized information are presently underway.

“On the 28th of October 2024 the Dutch National Police, working in close cooperation with the FBI and other partners of the international law enforcement task force Operation Magnus, disrupted operation of the Redline and Meta infostealers,” reads a brief announcement on the Operation Magnus website.

“Involved parties will be notified, and legal actions are underway.”

Redline is an reasonably priced but poweful [sic] Home windows information-stealing malware has been bought to cybercriminals since 2020, inflicting widespread theft of sufferer’s passwords, authentication cookies, cryptocurrency wallets, and different delicate information.

Meta (to not be confused with MetaStealer), is a more recent Home windows infostealer malware venture introduced in 2022, marketed as an improved model of Redline.

The stolen credentials are then used or bought to different risk actors to trigger community breaches, starting from huge information breaches to ransomware assaults that trigger widescale disruption of the U.S. healthcare system.

A joint report by Specops and KrakenLabs says that risk actors have used Redline to steal over 170 million passwords in only a six month interval.

Politie says they have been in a position to disrupt the operation with the assistance of worldwide regulation enforcement companions, together with the FBI, NCIS, the U.S. Division of Justice, Eurojust, the NCA, and the police forces in Portugal and Belgium.

The companies printed the next video, saying the “final update” for Redline and Meta customers, warning that they now have their account credentials, IP addresses, exercise timestamps, registration particulars, and extra.

This makes it clear that the investigators maintain proof that can be utilized to trace down cybercriminals who used the malware, so arrests and prosecutions are more likely to be introduced sooner or later.

Furthermore, the authorities claimed they acquired entry to the supply code, together with license servers, REST-API providers, panels, stealer binaries, and Telegram bots, for each malware.

As they acknowledged within the video, each Meta and Redline shared the identical infrastructure, so it is probably that the identical creators/operators are behind each tasks.

More info to be added on the site tomorrow
From the Operation Magnus web site

Though there was some doubt in regards to the authenticity of the bulletins initially, Europol and the NCA have confirmed to BleepingComputer that the operation is professional.

Extra details about the operation, seized infrastructure, and potential arrests, is scheduled to be launched to the general public tomorrow.

It is a creating story.

Recent articles