In a sweeping worldwide effort, the U.S. Division of Justice, Federal Bureau of Investigation, and a number of international regulation enforcement businesses have uncovered “Operation Magnus,” focusing on two of the world’s most infamous information-stealing malware networks, RedLine Stealer and META.
In accordance with a press launch revealed on Oct. 29, the operation led to the seizure of a number of servers, the unsealing of prices towards a RedLine Stealer developer, and the arrest of two suspects in Belgium.
RedLine and META data stealers
RedLine Stealer and META are two distinct forms of malware often known as “data stealers,” or “infostealers,” designed to seize delicate consumer information. The existence of RedLine Stealer was initially reported in 2020, whereas META first appeared in 2022.
In an interview, a consultant of the META malware revealed that its improvement initially relied on parts of RedLine Stealer’s supply code, which had been acquired via a sale. Each malware are able to stealing delicate data from contaminated computer systems, akin to:
- Usernames and passwords for on-line companies, together with e-mail bins.
- Monetary data akin to bank card numbers or banking accounts.
- Session cookies to impersonate customers on on-line companies.
- Cryptocurrency wallets.
SEE: Easy methods to Create an Efficient Cybersecurity Consciousness Program (TechRepublic Premium)
Each malware additionally present the potential to bypass multi-factor authentication. The stolen data can be utilized by the controller of the malware however will also be bought as information known as “logs” in underground cybercriminal boards or marketplaces.
RedLine Stealer and META have contaminated tens of millions of computer systems worldwide — and have stolen much more credentials. Specops Software program, an organization centered on password safety, reported that RedLine Stealer captured greater than 170 million passwords in solely six months, whereas META stole 38 million passwords throughout that very same interval.
RedLine Stealer has additionally been used to conduct intrusions towards main firms, in keeping with the DOJ press launch.
Malware-as-a-Service (MaaS) enterprise mannequin
Each malware households are bought via a Malware-as-a-Service enterprise mannequin, the place cybercriminals buy a license to make use of variants of the malware after which launch their very own infecting campaigns. This may be carried out through infecting emails, malvertising, fraudulent software program downloads, malicious software program sideloading, and immediate messaging. Completely different cybercriminals have used numerous social engineering lures and tips to contaminate victims, together with pretend Home windows updates.
A number of servers, communication channels shut down
A warrant issued by the Western District of Texas approved regulation enforcement to grab two command and management domains utilized by RedLine Stealer and META.
Each domains now present content material concerning the operation.
Three servers have been shut down within the Netherlands, and several other RedLine Stealer and META communication channels have been taken down by Belgian authorities.
Moreover, a web site about Operation Magnus informs and helps victims. A video proven on the web site sends a powerful message to cybercriminals who’ve used RedLine or META, exposing a listing of nicknames stated to be VIPs — “Very Essential to the Police” — and ends with the picture of handcuffs and a message: “We’re trying ahead to seeing you quickly!”
The web site additionally provides an internet scanner for RedLine/META infections from cybersecurity firm ESET.
The U.S. DOJ has additionally unsealed prices towards Maxim Rudometov, one of many builders and directors of the RedLine Stealer malware, who repeatedly accessed and managed the infrastructure. Rudometov can also be related to numerous cryptocurrency wallets used to obtain and launder funds from RedLine clients.
Two different people have been additionally taken into custody in Belgium, though one was launched with out additional particulars accessible to the general public.
Easy methods to shield from data stealers
Info stealers can infect computer systems in myriad methods — which is why all techniques and software program should be up to date and patched to forestall an an infection that will leverage a typical vulnerability.
As well as, corporations can shield from cybercriminals by:
- Implementing Safety software program and antivirus on all techniques.
- Deploying multi-factor authentication additionally provides a protecting layer of safety for companies needing authentication.
- Altering all passwords if a system is compromised. This should be carried out as quickly because the stealer is faraway from the system.
Additional, customers ought to by no means use the identical password for various companies. Using password managers is very environment friendly to make use of a single advanced password for each service or device and ought to be necessary in organizations.
Disclosure: I work for Pattern Micro, however the views expressed on this article are mine.