Today > 3 Critical | 10 High | 10 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

Life on a crooked RedLine: Analyzing the infamous infostealer's backend

Nov. 18, 2024, 4:38 p.m.

Description

This article provides an in-depth analysis of RedLine Stealer, a notorious information-stealing malware. The research focuses on previously undocumented backend modules and the control panel used by affiliates. Key findings include the identification of over 1,000 unique IP addresses hosting RedLine panels, the use of Windows Communication Framework for component communication, and the shared origin of RedLine and META Stealer. The analysis covers authentication processes, sample creation mechanisms, and network infrastructure details. The researchers also highlight security vulnerabilities in the backend, such as storing passwords in cleartext. The article concludes by discussing the takedown of RedLine and META Stealer in Operation Magnus, emphasizing the widespread nature of these threats despite being orchestrated by a small group of actors.

Date

Published: Nov. 17, 2024, 12:25 a.m.

Created: Nov. 17, 2024, 12:25 a.m.

Modified: Nov. 18, 2024, 4:38 p.m.

Attack Patterns

META Stealer

RedLine Stealer

RedLine Stealer

Additional Informations

Finland

Czechia

Netherlands

Germany

United Kingdom of Great Britain and Northern Ireland

United States of America

Russian Federation