The US government is offering a reward of up to $10 million for any information leading to the identification or location of Maxim Alexandrovich Rudometov, the alleged creator and operator of the RedLine malware.
RedLine appeared in early 2020 and quickly became one of the most widely used information stealers across the globe. Criminals often use it to collect data, including usernames, passwords, browser autofill information, cryptocurrency wallet keys, and much more.
Cybercriminals rent RedLine through a Malware-as-a-Service (MaaS) model, which means that even less technically skilled attackers can put it to use.
For example, Bitdefender researchers discovered RedLine's persistent threat through several incidents. In January 2022, attackers exploited Internet Explorer vulnerabilities (CVE-2021-26411) through the RIG Exploit Kit, which allowed them to steal passwords, saved credit cards, crypto wallets, and VPN logins.
In October 2024, law enforcement agencies from numerous countries launched Operation Magnus, targeting RedLine and other related infostealers. The Dutch National Police led the operation and collaborated with the FBI, Eurojust, and agencies from Belgium, the UK, Portugal, and Australia. They shut down over 1,200 servers and arrested several affiliates.
Investigators took control of the malware's source code, licensing servers, and Telegram-based customer support bots, significantly disrupting RedLine's distribution network. However, the creator eluded capture.
The US Department of Justice charged Rudometov with access device fraud, conspiracy to commit computer intrusion, and money laundering. Investigators say Rudometov managed RedLine's core systems and used aliases such as "dendimirror," "alinchok," and "bloodzz.fenix" for illegal transactions.
Authorities believe that Rudometov fled to Krasnodar, Russia, shortly after Russia invaded Ukraine in February 2022. He faces up to 35 years in prison if convicted.
"Rewards for Justice is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA)," reads the announcement made by US authorities.
Authorities hope public assistance will help neutralize RedLine's ongoing threat.
Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.