Redline Stealer Malware Targeting Browser Autologin Feature to Steal Passwords

The RedLine information-stealing malware targets the autologin feature of modern web browsers to steal confidential credentials like passwords.

On cyber-crime forums, this RedLine malware is available as a commodity information-stealer that cost around $200. While this malware can be deployed by any beginner with less knowledge on all the modern browsers like:-

  • Google Chrome
  • Microsoft Edge
  • Opera

The cybersecurity firm, AhnLab ASEC has warned that auto-login features on modern web browsers are becoming the constant target of threat actors which is significantly affecting both individuals and organizations.

Moreover, this malware also works efficiently on the computer that has an anti-malware solution installed since it wasn’t able to detect or remove the malware.

According to the report, On all Chromium-based web browsers, there is a “Login Data” file that is targeted by this malware, and within this file, all the usernames and passwords are stored.

Features of Redline Stealer

Below we have mentioned all the features of Redline Stealer:-

Collecting Information

– Collecting and stealing information saved to browsers.

– Login account and password.

– Cookies.

– Autofill.

– Credit card information.

– Browsers targeted for attack.

– All Chromium-based browsers.

– All Gecko-based browsers.

– Cryptocurrency wallet information.

– Seed file saved to the system.

Collecting System Info

– Collecting default system info such as the IP address of the system and OS info.

– Collecting hardware information such as the processor of the system, memory size, and GPU.

– Collecting information of browsers and software installed in the system.

– Collecting processes and anti-malware programs installed.


– Controlling target system via SOAP protocol communication.

– Uploading and downloading files.

– Accessing arbitrary URLs and running files.

After getting infected with the Redline stealer, the password management system will add all the entries that were refused by the user. And this lead attackers to perform several cyber attacks like:-

Once the threat actor gets access to the stolen credentials, then they primarily sell them on dark forums, or else they also exploit them for further attacks.

In March 2020, the Redline Stealer malware was spotted for the first time using COVID-19 themed phishing emails. However, later the malware was distributed through several mediums like:-

  • Phishing emails
  • Abusing of Google advertisements
  • Disguising as a photo editing tools

Apart from this, to stay protected users should follow and configure some specific security rules for sensitive websites like banking websites, corporate asset webpages, etc.

And lastly, activate all the security measures like complex passwords, multi-factor authentication, and OTP mechanisms.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.