RedLine and META Infostealers Infrastructure Seized by Authorities

An international coalition led by the U.S. Department of Justice has dismantled the infrastructure behind the notorious RedLine and META infostealers.

These malware variants have plagued millions of computers worldwide, stealing sensitive information and facilitating further cybercriminal activities.

Operation Magnus was a joint effort involving the US Department of Justice, FBI, Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army Criminal Investigation Division.

It collaborated with international partners through the Joint Cybercrime Action Taskforce (JCAT), supported by Europol.

The operation successfully seized domains, servers, and Telegram accounts used by the administrators of RedLine and META.

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

RedLine and META Infostealers

Infostealers like RedLine and META are designed to extract valuable data from victims’ computers, including usernames, passwords, financial details, system information, cookies, and cryptocurrency accounts.

This stolen data, often called “logs,” is sold on cybercrime forums and used for further fraudulent activities.

RedLine has been particularly notorious for enabling cybercriminals to bypass multi-factor authentication by stealing cookies.

RedLine and META operate under a decentralized Malware as a Service (MaaS) model.

Affiliates purchase licenses to use the malware and launch their campaigns through malvertising, email phishing, fraudulent software downloads, and malicious software sideloading.

These infostealers have been distributed using various schemes, including COVID-19 and Windows update ruses.

Law enforcement agencies have collected extensive victim log data from computers infected with these infostealers.

While the total amount of stolen data is still being assessed, millions of unique credentials have been identified.

The U.S. has unsealed a warrant from the Western District of Texas authorizing the seizure of two domains used for command and control by RedLine and META.

In conjunction with the disruption efforts, charges have been filed against Maxim Rudometov, believed to be one of RedLine’s developers and administrators.

He faces charges including access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, Rudometov could face significant prison time.

The FBI Austin Cyber Task Force is leading the investigation with support from various agencies. Assistant U.S. Attorney G. Karthik Srinivasan is prosecuting the case with assistance from international partners.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!