RedLine Stealer is a multi-faceted information stealer that harvests saved credentials and other data from web browsers, FTP clients, instant messaging clients and cryptocurrency wallets. It is under constant development and gains new capabilities from time to time.
RedLine Stealer mostly spreads through phishing campaigns built on spam email. The operators try to get recipients to click an embedded URL or open an attachment, which starts the download and installation of the malware.
For example, one spam campaign that distributed RedLine Stealer sent emails purportedly from a "Shannon Wilson", who claimed to work for Mobility Research Inc, a company that sells rehabilitation equipment for physically disabled patients. The subject line was typically along the lines of "Please help us with Fighting corona-virus", and the body urged recipients to enroll in something called the Folding.@Thome program.
The campaign impersonated a real business and a real project. Mobility Research is an actual company, and Folding@home is a legitimate distributed-computing project that asks volunteers to donate spare computing power to disease research through a genuine client application. In the RedLine campaign, however, the lure read "Folding.@Thome": an extra period and a stray "T" that a casual reader overlooks. Clicking the fake link sent users to the RedLine payload hosted on Bitbucket.
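The practical lesson of this lure is that a link's visible text can be checked against known brand names after stripping punctuation, and the link target can then be checked against the hosts that brand actually uses. The following Python is an added example written for this page, not code from the original article or from any vendor. The brand table, the similarity threshold and the sample links are constructed for illustration; foldingathome.org is the project's real site, and the Bitbucket path is a placeholder, not the campaign's actual URL.

```python
from __future__ import annotations

import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Brand names a lure might imitate, mapped to the hosts a genuine link for
# that brand would point at. Constructed for this example: foldingathome.org
# is the project's real site, the table itself is an illustrative allowlist.
KNOWN_BRANDS: dict[str, set[str]] = {
    "folding@home": {"foldingathome.org", "www.foldingathome.org"},
}

# Tuning assumption for this example, not a published value.
SIMILARITY_THRESHOLD = 0.85


def normalize(label: str) -> str:
    """Lower-case and drop everything except letters and digits, so an
    inserted period or symbol cannot hide how close the text is to a brand."""
    return re.sub(r"[^a-z0-9]", "", label.lower())


def closest_brand(label: str) -> tuple[str | None, float]:
    """Return the known brand most similar to the label and the similarity ratio."""
    norm = normalize(label)
    best, best_ratio = None, 0.0
    for brand in KNOWN_BRANDS:
        ratio = SequenceMatcher(None, norm, normalize(brand)).ratio()
        if ratio > best_ratio:
            best, best_ratio = brand, ratio
    return best, best_ratio


def classify_link(text: str, href: str) -> str:
    """Classify an e-mail hyperlink from its visible text and its target URL.

    Returns one of:
      'unrelated'  - the text does not resemble any known brand
      'legitimate' - exact brand name, and the link points at one of its hosts
      'lookalike'  - a near-miss spelling of a brand (e.g. 'Folding.@Thome')
      'mismatch'   - exact brand name, but the link goes to a foreign host
    """
    brand, ratio = closest_brand(text)
    if brand is None or ratio < SIMILARITY_THRESHOLD:
        return "unrelated"
    if normalize(text) != normalize(brand):
        return "lookalike"
    host = (urlparse(href).hostname or "").lower()
    return "legitimate" if host in KNOWN_BRANDS[brand] else "mismatch"


if __name__ == "__main__":
    # Constructed sample links modelled on the campaign described above.
    samples = [
        ("Folding.@Thome", "https://bitbucket.org/example-account/example-repo/downloads/update.exe"),
        ("Folding@home", "https://foldingathome.org/start-folding/"),
        ("Folding@home", "https://bitbucket.org/example-account/example-repo/downloads/update.exe"),
        ("Quarterly report", "https://example.com/report.pdf"),
    ]
    for text, href in samples:
        print(f"{classify_link(text, href):<10} {text!r} -> {href}")
```

The normalization step is what catches this particular lure: once punctuation is removed, "Folding.@Thome" and "Folding@home" differ by a single character, which is enough to score well above the threshold without being an exact match. The host check covers the other common pattern, where the text is spelled correctly but the link itself points at a file-hosting service.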
In terms of behavior, RedLine Stealer communicates with a remote command-and-control server over a SOAP-based channel described by WSDL. The accompanying control panel lets the operator search through the collected logs, handle downloads, run tasks on infected machines and export any data they want to steal. Security researchers have confirmed that the tool has wide-ranging capabilities and is cheap by cybercrime standards: almost any attacker can afford it at roughly $150 to $200.
How Do I Deal with a RedLine Stealer Malware Attack?
You can scan for and remove RedLine Stealer and other malicious threats from your computer using a reputable malware remediation tool. Removal alone is not enough, however: the stealer exfiltrates saved passwords, browser cookies and wallet data as soon as it runs, so treat every credential, session and wallet stored on the infected machine as compromised, change the passwords, revoke active sessions and move any funds to fresh wallets.