Fortinet: Cybercriminals are exploiting Omicron news to distribute RedLine malware

Jan 12, 2022, Hi-network.com

Fortinet has uncovered an effort to spread RedLine malware through news about the COVID-19 Omicron strain. FortiGuard Labs researchers said the people behind the malware are trying to use the ongoing pandemic to steal information and credentials. 

RedLine is a relatively common malware that steals all of the usernames and passwords it finds throughout an infected system. Fortinet said the RedLine Stealer variant in this instance steals stored credentials for VPN applications like NordVPN, OpenVPN, and ProtonVPN. 

"FortiGuard Labs recently came across a curiously named file, 'Omicron Stats.exe' which turned out to be a variant of RedLine Stealer malware. While we have not been able to identify the infection vector for this particular variant, we believe that it is being distributed via email," the company said in its report, noting that the issue affects Windows users.

"Based on the information collected by FortiGuard Labs, potential victims of this RedLine Stealer variant are spread across 12 countries. This indicates that this is a broad-brush attack and that the threat actors did not target specific organizations or individuals."

Researchers at multiple cybersecurity companies have said use of RedLine Stealer started around March of 2020. It quickly took over as one of the most popular infostealers available on underground digital markets, according to Fortinet. 

The researchers said cybercriminals typically use it to steal information and sell it on dark net marketplaces "for as low as $10 dollars per set of user credentials." The credentials range from those used for accounts on online payment portals, e-banking services, and file-sharing tools to those used for social networking platforms.

"The malware emerged just as the world began to deal with increased numbers of COVID patients and the growing fear and uncertainty that can cause people to lower their guard, which may have prompted its developers to use COVID as its lure," Fortinet explained. 

Fortinet noted that hackers have previously used COVID-themed emails to spread RedLine Stealer variants, and the malware was embedded in a document designed to be opened by a victim. 

Last month, data breach tracker Have I Been Pwned added 441,657 unique email addresses to its database after cybersecurity researcher Bob Diachenko discovered RedLine Stealer malware logs with more than six million records exposed online.

Cybersecurity firm Proofpoint said in a blog post in 2020 that RedLine is available for sale on Russian underground forums, with different versions costing $150 (lite) or $200 (pro).
