
RedLine, META infostealer malware operations disrupted by “Operation Magnus”

October 29, 2024

An announcement by Dutch police in conjunction with their law enforcement partners had cyberdefenders smiling yesterday. Law enforcement had seized the source code and network infrastructure for RedLine and META infostealers. In what has been called “Operation Magnus,” law enforcement warned cybercriminals that they got their data, too. In a “final update” video, law enforcement claims that they got users’ account credentials, and will be seeing them soon:

“Involved parties will be notified, and legal actions are underway.”

RedLine and META are infostealers: malware that harvests login credentials and other data saved in the browsers of infected machines. The resulting logs of stolen credentials are then often leaked or sold on hacking forums.

The risk of infostealers has been known for years, but most users still do not know when their browsers have been infected or their login credentials stolen. The risk is tremendous, especially since most people reuse credentials across multiple sites and purposes. The pandemic made the problem worse as people used their home devices to log in to work. An infected browser can give threat actors the credentials to an individual’s corporate, financial, and other accounts. Couple that with the failure of many companies to require multifactor authentication (MFA), and we have a recipe for massive corporate data breaches.

Disrupting RedLine and META is certainly helpful, but logs containing login credentials are already out there. Those credentials have not been canceled and probably will not be reset unless companies start requiring resets and multifactor authentication, so past infostealer logs will still pose a risk for the foreseeable future.

The U.S. Attorney’s Office for the Western District of Texas has issued a press release about the disruption that also reveals that two domains have been seized and charges have been unsealed against one individual:

In conjunction with the disruption effort, the Justice Department unsealed charges against Maxim Rudometov, one of the developers and administrators of RedLine Infostealer. According to the complaint, Rudometov regularly accessed and managed the infrastructure of RedLine Infostealer, was associated with various cryptocurrency accounts used to receive and launder payments and was in possession of RedLine malware. For his actions, he has been charged with access device fraud, in violation of 18 U.S.C. § 1029, conspiracy to commit computer intrusion, in violation of 18 U.S.C. §§ 1030 and 371, and money laundering, in violation of 18 U.S.C. § 1956.

If convicted, Rudometov faces a maximum penalty of 10 years in prison for access device fraud, five years in prison for conspiracy to commit computer intrusion, and 20 years in prison for money laundering. The complaint is merely an allegation, and the defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Updated to include information from the U.S. Attorney’s Office.