A mass phishing campaign is targeting Windows PCs and aims to deliver malware that can steal usernames, passwords, credit card details and the contents of cryptocurrency wallets.
Detailed by cybersecurity researchers at Bitdefender, RedLine Stealer is sold as malware-as-a-service, giving even low-skilled cyber criminals the ability to steal many different forms of sensitive personal data for as little as $150.
The malware first appeared in 2020, but RedLine has recently gained additional features and was widely distributed in mass spam campaigns during April. The phishing emails carry a malicious attachment which, if opened and run, starts the installation of the malware. The targeted victims are mostly in North America and Europe.
The campaign delivers its payload with an exploit for CVE-2021-26411, a memory corruption vulnerability in Internet Explorer. Microsoft disclosed and patched the flaw in March 2021, so this delivery chain only works against systems that have yet to apply that security update; checking that the update is installed, or that Internet Explorer is disabled on the estate, is the first thing to verify.
Once executed, RedLine Stealer performs initial reconnaissance of the host, collecting information including the username, which browsers are installed and whether anti-virus software is running.
It then looks for data worth stealing and exfiltrates passwords, cookies and credit card details saved in browsers, together with crypto wallets, chat logs, VPN login credentials and text from files.
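The recon and collection steps above describe what the stealer touches on the host: browser credential and cookie stores, wallet data, and a check for installed anti-virus. The following Python is an added detection example written for this page, not code from the article or from Bitdefender's analysis. It runs a simple rule over constructed endpoint telemetry (the event format, field names, process names, file paths and wallet directory names are assumptions made for the example, not a real EDR schema) and flags any process other than a browser that reads browser credential stores or wallet directories, treating a query of the WMI `root\SecurityCenter2` namespace (the usual way to enumerate registered anti-virus products) as a reconnaissance indicator.

```python
"""Stealer-behaviour detection over constructed endpoint telemetry.

Added example for this page; not the article's or Bitdefender's code. The
telemetry schema, sample paths and wallet names below are assumptions.
"""
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Optional

# Files browsers use to persist saved passwords, cookies and autofill/card data.
# Chromium family: "Login Data", "Cookies", "Web Data"; Firefox: logins.json,
# cookies.sqlite, key4.db. Matched on the file name, case-insensitively.
BROWSER_STORE_FILES = {
    "login data", "cookies", "web data", "logins.json", "cookies.sqlite", "key4.db",
}

# Directory names of desktop wallets, used as illustration only (assumption: the
# article does not say which wallets RedLine reads; extend for your own estate).
WALLET_DIR_MARKERS = {"exodus", "electrum"}

# Processes that are expected to open browser stores. Anything else is suspect.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}


def classify_path(path: str) -> Optional[str]:
    """Return 'browser_store', 'wallet' or None for a file path read by a process."""
    p = PureWindowsPath(path)
    if p.name.lower() in BROWSER_STORE_FILES:
        return "browser_store"
    if {part.lower() for part in p.parts} & WALLET_DIR_MARKERS:
        return "wallet"
    return None


def detect(events):
    """Aggregate per-process evidence and return one finding per suspicious process.

    Each event is a dict with at least 'pid', 'image' and 'event'. 'file_read'
    events carry 'target'; 'wmi_query' events carry 'namespace' and 'query'.
    """
    per_proc = defaultdict(lambda: {
        "image": None, "browser_store": set(), "wallet": set(), "av_query": False,
    })
    for ev in events:
        rec = per_proc[ev["pid"]]
        rec["image"] = PureWindowsPath(ev["image"]).name.lower()
        if ev["event"] == "file_read":
            category = classify_path(ev["target"])
            if category:
                rec[category].add(ev["target"])
        elif ev["event"] == "wmi_query" and "securitycenter2" in ev["namespace"].lower():
            # Enumerating AntiVirusProduct via SecurityCenter2 is how a stealer
            # learns whether anti-virus is present before it starts collecting.
            rec["av_query"] = True

    findings = []
    for pid, rec in per_proc.items():
        if rec["image"] in BROWSER_IMAGES:
            continue  # a browser opening its own stores is normal; not covered here
        hits = len(rec["browser_store"]) + len(rec["wallet"])
        if hits == 0 and not rec["av_query"]:
            continue
        # Credential-store reads from a non-browser are the strong signal; the AV
        # check alone is weak (inventory tools do it too), so it only raises severity.
        severity = "high" if hits >= 2 or (hits and rec["av_query"]) else "low"
        findings.append({
            "pid": pid,
            "image": rec["image"],
            "severity": severity,
            "browser_stores": len(rec["browser_store"]),
            "wallet_files": len(rec["wallet"]),
            "av_query": rec["av_query"],
        })
    return findings


# Constructed sample telemetry: one browser, one stealer-like dropped binary,
# one benign process and one inventory tool that only queries SecurityCenter2.
_CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
_DROPPER = r"C:\Users\alice\AppData\Local\Temp\invoice_0421.exe"
_PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": _CHROME, "event": "file_read", "target": _PROFILE + r"\Login Data"},
    {"pid": 7788, "image": _DROPPER, "event": "wmi_query",
     "namespace": r"root\SecurityCenter2", "query": "SELECT displayName FROM AntiVirusProduct"},
    {"pid": 7788, "image": _DROPPER, "event": "file_read", "target": _PROFILE + r"\Login Data"},
    {"pid": 7788, "image": _DROPPER, "event": "file_read", "target": _PROFILE + r"\Cookies"},
    {"pid": 7788, "image": _DROPPER, "event": "file_read", "target": _PROFILE + r"\Web Data"},
    {"pid": 7788, "image": _DROPPER, "event": "file_read",
     "target": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 5500, "image": r"C:\Windows\explorer.exe", "event": "file_read",
     "target": r"C:\Users\alice\Documents\notes.docx"},
    {"pid": 9001, "image": r"C:\Tools\inventory.exe", "event": "wmi_query",
     "namespace": r"root\SecurityCenter2", "query": "SELECT * FROM AntiVirusProduct"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, the rule produces a high-severity finding for the dropped `invoice_0421.exe` (three browser stores plus a wallet file, after an anti-virus check) and a low-severity one for the inventory tool that only queried SecurityCenter2; Chrome reading its own Login Data and Explorer opening a document produce nothing. On a real estate the file-read events come from an EDR or file-access auditing, and the browser allow-list should be narrowed to the browser's own profile directory so one browser reading another's store is still caught.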
RedLine is available in underground marketplaces