Redline Stealer Malware Targeting Browser Autologin Feature to Steal Passwords

The RedLine information-stealing malware targets the autologin feature of modern web browsers to steal confidential credentials like passwords.

On cyber-crime forums, RedLine is sold as a commodity information-stealer for around $200, and it can be deployed by a beginner with little technical knowledge against all modern browsers, including:-

  • Google Chrome
  • Microsoft Edge
  • Opera

The cybersecurity firm AhnLab ASEC has warned that the auto-login features of modern web browsers have become a constant target of threat actors, significantly affecting both individuals and organizations.

Moreover, the malware also ran without trouble on a computer with an anti-malware solution installed, since that solution was unable to detect or remove it.

According to the report, all Chromium-based web browsers keep a “Login Data” file in which saved usernames and passwords are stored, and it is this file that the malware targets.
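The “Login Data” file is also a natural detection point: a defender can alert when a process other than the owning browser reads it. The following added example (not code from the article or from AhnLab's report) runs such a check over a constructed file-access log; the log format, the profile-directory markers and the browser process names are assumptions.

```python
"""Flag non-browser processes reading Chromium 'Login Data' files.

Added example. Input is a constructed, simplified file-access log with
one event per line: '<time> <process image path> READ <target path>'.
The event format, profile markers and process names are assumptions.
"""
import re
from pathlib import PureWindowsPath

# Profile directory marker (lower case) -> browser process expected to read it.
EXPECTED_READERS = {
    r"\google\chrome\user data": "chrome.exe",
    r"\microsoft\edge\user data": "msedge.exe",
    r"\opera software\opera stable": "opera.exe",
}

EVENT_RE = re.compile(r"^(\S+) (.+?) READ (.+)$")

def owning_browser(target):
    """Return the process image that legitimately owns this profile path."""
    low = target.lower()
    for marker, image in EXPECTED_READERS.items():
        if marker in low:
            return image
    return None

def suspicious_login_data_reads(log_lines):
    """Return (time, process, target) for each read of a 'Login Data' file
    by a process other than the browser that owns the profile."""
    hits = []
    for line in log_lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        ts, image, target = m.groups()
        if PureWindowsPath(target).name.lower() != "login data":
            continue  # not a credential store
        owner = owning_browser(target)
        if owner and PureWindowsPath(image).name.lower() != owner:
            hits.append((ts, image, target))
    return hits

SAMPLE_LOG = [  # constructed events, not real telemetry
    r"10:00:01 C:\Program Files\Google\Chrome\Application\chrome.exe READ C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"10:00:05 C:\Users\u\AppData\Local\Temp\update.exe READ C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"10:00:07 C:\Users\u\AppData\Local\Temp\update.exe READ C:\Users\u\AppData\Roaming\Opera Software\Opera Stable\Login Data",
    r"10:00:09 C:\Windows\explorer.exe READ C:\Users\u\Documents\notes.txt",
]

if __name__ == "__main__":
    for ts, image, target in suspicious_login_data_reads(SAMPLE_LOG):
        print(f"{ts} ALERT {image} read {target}")
```

In real telemetry the same logic maps onto Sysmon or EDR file-read events, with the browser's own update and crash-reporting helpers added to the allow-list as needed.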

Features of Redline Stealer

Below we have mentioned all the features of Redline Stealer:-

Collecting Information

– Collecting and stealing information saved to browsers:
  – Login account and password.
  – Cookies.
  – Autofill.
  – Credit card information.
– Browsers targeted for attack:
  – All Chromium-based browsers.
  – All Gecko-based browsers.
– Cryptocurrency wallet information:
  – Seed file saved to the system.

Collecting System Info

– Collecting default system info such as the IP address of the system and OS info.
– Collecting hardware information such as the processor, memory size, and GPU of the system.
– Collecting information on the browsers and software installed on the system.
– Collecting the running processes and installed anti-malware programs.

C&C

– Controlling the target system via SOAP protocol communication.
– Uploading and downloading files.
– Accessing arbitrary URLs and running files.

After a system is infected with the RedLine stealer, the password management system will still add the entries that the user refused to save, and this leads attackers to carry out several further cyber attacks.

Once threat actors have the stolen credentials, they primarily sell them on dark web forums or use them in further attacks.

The RedLine Stealer malware was first spotted in March 2020, delivered through COVID-19-themed phishing emails. Later, the malware was distributed through several other channels, including:-

  • Phishing emails
  • Abuse of Google advertisements
  • Disguising itself as photo editing tools

Apart from this, to stay protected, users should configure and follow specific security rules for sensitive websites such as banking sites and corporate asset web pages.

Lastly, enable all available security measures such as complex passwords, multi-factor authentication, and OTP mechanisms.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.