For HomeFor BusinessFor Partners
Whitepapers Anti-Malware Research
1 min read

RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign

Mihai NEAGU

April 27, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign

At the start of the year, Bitdefender noticed a RIG Exploit Kit campaign using CVE-2021-26411 exploits found in Internet Explorer to deliver RedLine Stealer, a low-cost password stealer sold on underground forums.

When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server.

Download the RedLine Stealer whitepaper

Key Findings

  • Bitdefender discovered a new RIG Exploit Kit campaign targeting an Internet Explorer vulnerability designed to distribute RedLine Stealer malware.
  • If executed, the stealer exfiltrates passwords, cookies and credit card data saved in browsers, as well as crypto wallets, chat logs, VPN login credentials and text from files as per the instructions received from the C2 infrastructure.

Country distribution and daily activity

Mitigation

  • Ensure anti-virus and EDR solutions have exploit detection capabilities.
  • Look for the indicators of compromise (IOCs) and keep operating systems and third-party applications up to date, and prioritize security fixes.

Download the RedLine Stealer whitepaper

tags

Whitepapers Anti-Malware Research

Author

Mihai NEAGU

Mihai NEAGU

Passionate about reverse engineering, Mihai worked on malware analysis and detection techniques in the past. Now he is doing research on exploit detection and mitigation for Windows applications.

View all posts

Right now Top posts

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
Anti-Malware Research

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware

June 08, 2023

5 min read
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
IoT Research Whitepapers

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

May 02, 2023

2 min read
EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Anti-Malware Research Free Tools

Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor

January 05, 2023

1 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Abusing the Ad Network – Threat Actors Now Hacking into Companies via Search
Whitepapers Anti-Malware Research

Abusing the Ad Network – Threat Actors Now Hacking into Companies via Search
Victor VRABIEAlexandru MAXIMCIUC

July 26, 2023

2 min read
Exposing RDStealer Deep Dive into a Targeted Cyber-Attack Against East-Asia Infrastructure
Anti-Malware Research Whitepapers

Exposing RDStealer Deep Dive into a Targeted Cyber-Attack Against East-Asia Infrastructure
Victor VRABIE

June 20, 2023

2 min read
Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology
Anti-Malware Research

Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology

Bookmarks

loader