International authorities, including the FBI, have made significant strides in the battle against cybercrime by seizing servers and the source code for the RedLine and Meta stealers as part of Operation Magnus. These malicious software programs have been responsible for the theft of millions of unique credentials from victims around the world.
The coordinated effort involved law enforcement agencies from several countries, including the Dutch National Police, the Belgian Federal Police, the UK National Crime Agency, and the Australian Federal Police. The operation disrupted the activities of the cybercriminal group behind the stealers; a video posted on the operation’s website revealed that RedLine and Meta are very similar malware.
The investigation into RedLine and Meta began after suspicions arose regarding servers in the Netherlands being connected to the malware. Subsequent inquiries uncovered over 1,200 servers across numerous countries that were actively running the stealers. Authorities were able to collect victim log data stolen by these malware operators, revealing millions of unique usernames, passwords, email addresses, bank accounts, cryptocurrency addresses, and credit card numbers.
The US Department of Justice (DoJ) has taken legal action against Maxim Rudometov, a developer and administrator of RedLine, charging him with various offenses including access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, Rudometov could face a maximum of 35 years in prison.
In addition to Rudometov’s charges, the DoJ unsealed a warrant that permitted law enforcement to seize domains used by RedLine and Meta for command and control purposes. Dutch police also dismantled three servers linked to the stealers in the Netherlands, and two individuals associated with the criminal activities were apprehended in Belgium.
RedLine Stealer and Meta are widely distributed: both are sold as malware-as-a-service through channels such as Telegram and hacker forums. The stealers target browsers to harvest sensitive data, such as credentials and payment card details. They can also execute commands, upload and download files, and perform various other malicious functions.
Threat actors with varying levels of sophistication have used these stealers for nefarious purposes. Advanced actors utilize them as initial vectors for further malicious activities, such as ransomware attacks, while less experienced cybercriminals employ them to steal credentials that are eventually sold on the Dark Web.
One common method of distributing the stealers is through deceptive practices such as hiding them behind Facebook ads promoting AI chatbots or embedding them in malicious files attached to phishing emails. International authorities will continue their investigations, leveraging the data these infostealers had stolen from victims to track down and prosecute cybercriminals.
For individuals concerned about their data security, ESET is offering an online tool to check whether their information has been compromised by RedLine or Meta and to receive guidance on the steps to take if so. This collaborative effort among global law enforcement agencies marks a significant victory in the ongoing battle against cybercrime.
