In early March 2020, Proofpoint researchers observed an email campaign attempting to deliver previously unknown malware that its author calls RedLine Stealer. The emails in this password theft campaign abused the brand of Folding@home, a distributed computing project for disease research, and asked the recipient to help find a cure for the coronavirus. The campaign focused primarily on the manufacturing and healthcare industries in the United States.

RedLine is malware sold on Russian underground forums with various pricing options. It steals information from browsers, such as logins, autocomplete data, passwords and credit cards. It also collects information about the user and their system, such as username, location, hardware configuration, and installed security software. A recent RedLine Stealer update also added the ability to steal cryptocurrency cold wallets.

What can RedLine malware cause?

This malicious program can also be used to infect computers with other malware, because it can download and run malicious files. Cybercriminals can therefore use RedLine Stealer to distribute ransomware, Trojans, cryptocurrency miners, remote administration/access Trojans (RATs), etc. As a result, RedLine Stealer victims can suffer financial and data losses, become victims of identity theft, experience privacy issues, and face other serious problems.

Cybercriminals typically spread malicious programs through spam campaigns (emails), Trojans, rogue software download channels, unofficial activation tools, and fake updates. They try to spread malware by sending emails containing malicious attachments.

This is why it is so important that you regularly scan for threats with reputable antivirus or antispyware software. Keep this software up to date. If you think your computer is already infected, Malwarebytes is the best option to automatically remove the infiltrated malware.
