acmerelop.blogg.se

Crypto locker regex

First observed in 2020 and advertised on various cybercriminal forums as a ‘Malware-as-a-Service’ (MaaS) threat, Redline is an information stealer that mainly targets Windows victims’ credentials and cryptocurrency wallets, as well as browser information, FTP connections, game chat launchers, and OS information such as system hardware, process names, time zone, IP, geolocation information, OS version, and default language. Over the past year, Redline has gained additional features: it can load other malware and run commands while periodically sending its C2 updates with new information about the infected host.

Lacking an out-of-the-box distribution method, recently observed Redline incidents appear to begin with the delivery of malicious document attachments sent via indiscriminate unsolicited email (malspam) campaigns, Twitter, and Instagram Direct Messaging. The targets are mostly individual service or content providers, such as 3D artists and streamers, financial advisers, and more, based mostly in North America and Europe.

At the moment, Redline can be purchased through the official Redline Telegram channel (Figure 1), which offers monthly, weekly, and lifetime subscriptions for 100$, 150$, and 800$ respectively, paid in Bitcoin, Ethereum, XMR, LTC, and USDT.

Figure 1: Redline Telegram official channel.

Using third-party tools to deploy the threat, such as cryptors or packers to thwart signature-based detection, is no concern for the threat actors, as the subscription comes with a free cryptor as part of the package (Figure 2).











