Source: securityaffairs.com – Author: Pierluigi Paganini.
Security experts from ESET, have temporarily disrupted the operations of the RedLine Stealer with the help of GitHub.
ESET researchers announced to have temporarily disrupted the operations of the RedLine Stealer with the help of GitHub.
The two companies teamed up with Flare to curb the operations of the malware operators. The experts discovered that the malware control panels use GitHub repositories as dead-drop resolvers.
The RedLine is an info stealing malware written in .NET that is active since at least early 2020. The malware is able to steal sensitive information from the infected systems, including credentials, cookies, browser history, credit card data, and crypto wallets. The info-stealer is considered a commodity malware that is available through malware-as-a-service model.
By analyzing samples of the RedLine Stealer, the ESET researchers identified the following repositories:
- github[.]com/lermontovainessa/Hub
- github[.]com/arkadi20233/hub
- github[.]com/ivan123iii78/hub
- github[.]com/MTDSup/updateResolver
ESET shared its findings with GitHub, which immediately suspended the repositories.
The experts did not observe fallback channels, which means that the removal of these repositories made the control panels unusable. The operators behind the RedLine will be forced to set up new panels to recover their operations.
No fallback channels were observed. The removal of these repositories should break authentication for panels currently in use. While this doesn’t affect the actual back-end servers, it will force the RedLine operators to distribute new panels to their customers. 3/4 pic.twitter.com/amunD6j8Ly
— ESET Research (@ESETresearch) April 17, 2023
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:
- The Teacher – Most Educational Blog
- The Entertainer – Most Entertaining Blog
- The Tech Whizz – Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, RedLine)
Original Post URL: https://securityaffairs.com/144974/cyber-crime/experts-temporary-distrupted-redline-stealer-op.html
Category & Tags: Breaking News,Cyber Crime,Malware,Cybercrime,Hacking,hacking news,information security news,IT Information Security,MaaS,malware,Pierluigi Paganini,RedLine stealer,Security Affairs,Security News – Breaking News,Cyber Crime,Malware,Cybercrime,Hacking,hacking news,information security news,IT Information Security,MaaS,malware,Pierluigi Paganini,RedLine stealer,Security Affairs,Security News
