A mass phishing campaign is targeting Windows PCs and aims to deliver malware that can steal usernames, passwords, credit card details and the contents of cryptocurrency wallets.
Detailed by cybersecurity researchers at Bitdefender, RedLine Stealer is offered as malware-as-a-service, giving even low-skilled cyber criminals the ability to steal many different forms of sensitive personal data, for as little as $150.
RedLine first appeared in 2020, but it has recently gained additional features and was widely distributed in mass spam campaigns during April. The phishing emails carry a malicious attachment which, if opened, starts the chain that installs the malware. The victims are mostly in North America and Europe.
To deliver the payload, the campaign uses an exploit for CVE-2021-26411, a memory corruption vulnerability in Internet Explorer. The flaw was disclosed and patched by Microsoft in March 2021, so the exploit only works against systems that have yet to apply that security update.
Once executed, RedLine Stealer performs initial reconnaissance of the host, collecting the username, which browsers are installed and whether anti-virus software is running.
It then hunts for data worth stealing and exfiltrates passwords, cookies and credit card details saved in browsers, along with cryptocurrency wallets, chat logs, VPN login credentials and text from files.
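The behaviour described above (one process sweeping several browser credential stores and wallet directories in quick succession) is what a defender can hunt for. The following is an added example, not code from Bitdefender or from this article: a small detection routine run over constructed file-access events of the kind an EDR or Windows object-access auditing would produce. The process names, the event records and the list of store locations are illustrative assumptions, not an exhaustive catalogue.

```python
"""Flag non-browser, non-wallet processes that open browser credential
stores or cryptocurrency wallet files, the data RedLine is reported to steal.

Added example (not Bitdefender's or the article's code). The events below are
constructed, not real telemetry; the path patterns are an illustrative set of
locations used by Chromium-based browsers, Firefox and a few desktop wallets.
"""
import fnmatch
import ntpath
from dataclasses import dataclass

# Lower-case glob patterns; fnmatch's "*" also crosses backslashes, so the
# patterns only need to pin the tail of the path.
SENSITIVE_PATTERNS = {
    "browser_passwords": [
        "*\\google\\chrome\\user data\\*\\login data",
        "*\\microsoft\\edge\\user data\\*\\login data",
        "*\\mozilla\\firefox\\profiles\\*\\logins.json",
        "*\\mozilla\\firefox\\profiles\\*\\key4.db",
    ],
    "browser_cookies": [
        "*\\google\\chrome\\user data\\*\\cookies",
        "*\\microsoft\\edge\\user data\\*\\cookies",
        "*\\mozilla\\firefox\\profiles\\*\\cookies.sqlite",
    ],
    "browser_cards": [  # Chromium keeps autofill and card data in "Web Data"
        "*\\google\\chrome\\user data\\*\\web data",
        "*\\microsoft\\edge\\user data\\*\\web data",
    ],
    "crypto_wallet": [  # assumed wallet data directories (illustrative)
        "*\\exodus\\exodus.wallet\\*",
        "*\\electrum\\wallets\\*",
        "*\\atomic\\local storage\\leveldb\\*",
    ],
}

# Processes that legitimately open each category of store (assumed names).
EXPECTED_OWNERS = {
    "browser_passwords": ["chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"],
    "browser_cookies": ["chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"],
    "browser_cards": ["chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"],
    "crypto_wallet": ["exodus.exe", "electrum*.exe", "atomic wallet.exe"],
}


@dataclass(frozen=True)
class FileAccessEvent:
    process: str  # image name or full path of the process opening the file
    path: str     # full path of the file that was opened
    access: str   # e.g. "read" or "write"


@dataclass(frozen=True)
class Finding:
    process: str
    categories: tuple  # sorted category names this process touched
    severity: str      # "high" if it swept 2+ categories, else "medium"


def classify_path(path):
    """Return the sensitive-store category for a path, or None."""
    p = path.lower()
    for category, patterns in SENSITIVE_PATTERNS.items():
        if any(fnmatch.fnmatchcase(p, pat) for pat in patterns):
            return category
    return None


def is_expected_owner(process_name, category):
    return any(fnmatch.fnmatchcase(process_name, pat)
               for pat in EXPECTED_OWNERS[category])


def find_stealer_activity(events):
    """Group suspicious accesses by process; a process that touches several
    distinct store types is scored higher, because that sweep is the stealer
    pattern, whereas a single access may be a backup tool or a false positive."""
    hits = {}
    for ev in events:
        category = classify_path(ev.path)
        if category is None:
            continue
        proc = ntpath.basename(ev.process).lower()
        if is_expected_owner(proc, category):
            continue
        hits.setdefault(proc, set()).add(category)
    return [Finding(proc, tuple(sorted(cats)), "high" if len(cats) >= 2 else "medium")
            for proc, cats in sorted(hits.items())]


# Constructed sample events (not real logs); "invoice.pdf.exe" stands in for
# a payload dropped by a phishing attachment.
CHROME_PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
FF_PROFILE = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release"
SAMPLE_EVENTS = [
    FileAccessEvent("chrome.exe", CHROME_PROFILE + r"\Login Data", "read"),
    FileAccessEvent("firefox.exe", FF_PROFILE + r"\logins.json", "read"),
    FileAccessEvent(r"C:\Users\alice\AppData\Local\Temp\invoice.pdf.exe",
                    CHROME_PROFILE + r"\Login Data", "read"),
    FileAccessEvent("invoice.pdf.exe", CHROME_PROFILE + r"\Web Data", "read"),
    FileAccessEvent("invoice.pdf.exe",
                    r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco", "read"),
    FileAccessEvent("backup.exe", FF_PROFILE + r"\cookies.sqlite", "read"),
    FileAccessEvent("notepad.exe", r"C:\Users\alice\Documents\notes.txt", "read"),
]

if __name__ == "__main__":
    for f in find_stealer_activity(SAMPLE_EVENTS):
        print(f"{f.severity:6} {f.process}: {', '.join(f.categories)}")
```

Run as a script, it reports `invoice.pdf.exe` as high severity (passwords, cards and a wallet within one sweep) and `backup.exe` as medium. In practice the events come from file-open telemetry or from a SACL-driven object-access audit on these paths; note that many stealers copy the database to a temporary location before reading it, so a file-create of a copy of `Login Data` or `logins.json` outside the profile directory is a second, often cheaper, signal.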
RedLine is sold on underground marketplaces with several tiers of service, a sign of how commoditised malware has become: would-be criminals can ‘lease’ the software for $100 or buy a ‘lifetime’ subscription for $800.
The malware is relatively simple but potent: it can collect vast amounts of sensitive information even in the hands of inexperienced affiliates. It can, however, be blocked by keeping security patches current, particularly for Internet Explorer, since a patched browser denies the exploit kit its CVE-2021-26411 entry point. Patching closes the exploit route but not the phishing one: the campaign still depends on a user opening the attachment, so attachment filtering and user awareness matter as well.
It’s also recommended that users keep operating systems, applications and anti-virus software up to date, so that known vulnerabilities cannot be exploited to deliver malware.