CyberSecurity SEE

Authorities Seize RedLine and META Infostealers Infrastructure


An international coalition led by the U.S. Department of Justice dismantled the infrastructure supporting the RedLine and META infostealers, notorious malware families that have infected millions of computers worldwide. These malicious programs were designed to steal sensitive information and facilitate further cybercriminal activity.

The joint effort, known as Operation Magnus, involved various U.S. law enforcement agencies including the Department of Justice, FBI, Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army Criminal Investigation Division. Additionally, international partners collaborated through the Joint Cybercrime Action Taskforce (JCAT), with support from Europol.

The operation resulted in the seizure of domains, servers, and Telegram accounts used by the administrators of RedLine and META. These actions aimed to disrupt the operations of these malware variants and prevent further harm to computer users worldwide.

Infostealers like RedLine and META are specifically designed to extract valuable data from victims’ computers, including usernames, passwords, financial details, system information, cookies, and cryptocurrency accounts. This stolen data, commonly referred to as “logs,” is then sold on cybercrime forums and used for fraudulent activities.

RedLine, in particular, has gained notoriety for its ability to bypass multi-factor authentication by stealing cookies. Both RedLine and META operate under a decentralized Malware as a Service (MaaS) model, where affiliates purchase licenses to use the malware and conduct their campaigns through various means such as malvertising, email phishing, fraudulent software downloads, and malicious software sideloading.
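The MFA bypass described above works because a stolen session cookie is presented exactly as the legitimate browser would present it. One defensive control is to bind each session, at issuance, to the client context it was issued to and to re-check that context on every request. The following is an added illustration written for this article, not code from the article or from any product it mentions; the store, the binding to user-agent hash plus network prefix, and the three verdicts are assumptions of this example.

```python
"""Session binding as a detection for replayed (stolen) session cookies.

Added example, not from the article. Assumes a web application that can
record, at login, the client's user-agent and network prefix, and can look
those up again on each request. Verdicts:
  "allow"   - context matches what the session was issued to
  "step-up" - one attribute changed (e.g. a mobile user changed networks);
              require re-authentication before continuing
  "revoke"  - both attributes changed, the signature of a cookie replayed
              from another machine; invalidate the session
  "reject"  - unknown or already-revoked token
"""
import hashlib
import ipaddress
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    ua_hash: str      # SHA-256 of the User-Agent the session was issued to
    net_prefix: str   # /24 (IPv4) or /64 (IPv6) the session was issued to


def _ua_hash(user_agent: str) -> str:
    return hashlib.sha256(user_agent.encode("utf-8")).hexdigest()


def _net_prefix(ip: str) -> str:
    # Compare on a prefix rather than the exact address so ordinary NAT or
    # DHCP churn inside one network does not trip the check.
    addr = ipaddress.ip_address(ip)
    bits = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def issue_session(store: dict, user: str, user_agent: str, ip: str) -> str:
    """Create a session token bound to the issuing client's context."""
    token = secrets.token_urlsafe(32)
    store[token] = Session(user, _ua_hash(user_agent), _net_prefix(ip))
    return token


def check_request(store: dict, token: str, user_agent: str, ip: str) -> str:
    """Validate a presented cookie against the context it was issued to."""
    sess = store.get(token)
    if sess is None:
        return "reject"
    mismatches = []
    if sess.ua_hash != _ua_hash(user_agent):
        mismatches.append("user-agent")
    if sess.net_prefix != _net_prefix(ip):
        mismatches.append("network")
    if not mismatches:
        return "allow"
    if len(mismatches) == 2:
        del store[token]          # treat as replay: kill the session
        return "revoke"
    return "step-up"              # single change: ask for MFA again


def replay_scenario() -> list:
    """Constructed walk-through: a legitimate user, then the same cookie
    presented from a different browser and network, then a retry."""
    store = {}
    token = issue_session(store, "alice", "Mozilla/5.0 (Windows NT 10.0)",
                          "203.0.113.10")
    verdicts = [
        # same browser, same /24: normal traffic
        check_request(store, token, "Mozilla/5.0 (Windows NT 10.0)", "203.0.113.20"),
        # same browser, different network: plausible roaming, step-up
        check_request(store, token, "Mozilla/5.0 (Windows NT 10.0)", "198.51.100.7"),
        # different browser AND network: cookie replayed elsewhere
        check_request(store, token, "curl/8.4.0", "198.51.100.7"),
        # the revoked token is now useless to whoever holds it
        check_request(store, token, "Mozilla/5.0 (Windows NT 10.0)", "203.0.113.10"),
    ]
    return verdicts


if __name__ == "__main__":
    print(replay_scenario())
```

The check deliberately distinguishes a single changed attribute (step-up) from a wholesale change of client (revoke): a stolen cookie is usually replayed from a machine that matches neither the original browser nor the original network, while a legitimate user on a laptop moving between networks changes only one. Logging the "revoke" verdict with the user name gives incident responders a starting point for the credential-reset and log-hunting work that follows an infostealer infection.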

These infostealers have been distributed using a variety of schemes, including leveraging current events such as the COVID-19 pandemic and fake Windows update notifications. Law enforcement agencies have been able to collect extensive victim log data from computers infected with these malicious programs, leading to the identification of millions of unique credentials.

In response to these threats, the U.S. has unsealed a warrant authorizing the seizure of two domains used for command and control by RedLine and META. Additionally, charges have been filed against Maxim Rudometov, believed to be one of the developers and administrators of RedLine. The charges against Rudometov include access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, he could face significant prison time.

The investigation into RedLine and META is being led by the FBI Austin Cyber Task Force with support from various agencies. Assistant U.S. Attorney G. Karthik Srinivasan is prosecuting the case with assistance from international partners.

Overall, the successful dismantling of the infrastructure behind RedLine and META infostealers marks a significant victory in the fight against cybercrime. By working together on a global scale, law enforcement agencies have disrupted these malicious operations and taken steps to protect computer users from further harm.
