"Takedown of GitHub Repositories Disrupts RedLine Malware Operations"

Cybersecurity researchers at ESET have discovered that the RedLine information stealer’s operations have recently been disrupted after the takedown of GitHub repositories used by the malware’s control panels.  A piece of commodity malware active since at least early 2020, the RedLine stealer is written in .NET and packs broad data exfiltration capabilities.  The researchers noted that the malware targets system information, cookies and other browser data, login credentials for various applications and services, credit card information, and crypto wallets.  Available under the stealer-as-a-service business model, RedLine was seen being offered by 23 of 34 Russian-speaking groups that were distributing infostealers last year.  Each of the groups had an average of 200 members.  The researchers stated that RedLine is sold on underground forums and Telegram channels.  Affiliates purchase access to an all-in-one control panel that acts as a command-and-control (C&C) server, allowing them to generate new samples and to manage stolen information.  The researchers noted that the removal of these repositories should break authentication for panels currently in use.  While this doesn’t affect the actual back-end servers, it will force the RedLine operators to distribute new panels to their customers.  Stealer-as-a-service is one of the top three crime-as-a-service categories likely to be prevalent in 2023, along with ransomware-as-a-service and victims-as-a-service.

SecurityWeek reports: "Takedown of GitHub Repositories Disrupts RedLine Malware Operations"