Madrid. An international operation in which the Netherlands National Police and other security agencies around the world have participated has dismantled more than 1,200 servers of the ‘infostealers’ RedLine and META, which targeted millions of victims globally.
The ‘infostealer’ is one of the most popular and dangerous types of ‘malware’ because, once it manages to access and steal confidential information from the victim’s device, it sends it to a command and control server and makes it available for sale on the ‘dark web’.
In addition, they are usually spread through fraudulent emails (the method known as ‘phishing’) in social engineering attacks, or with a Trojan horse, a virus that is inserted into apparently legitimate ‘software’.
Two of the best-known variants are RedLine – active since 2020, according to Specops – and META, which are said to have been used to access the data of millions of users and large corporations to steal confidential information, such as passwords, search histories and the content of crypto wallets.
They are also said to have allowed cybercriminals to bypass multi-factor authentication (MFA) by stealing authentication cookies and other information from compromised computers and systems, as explained by the U.S. Attorney’s Office for the Western District of Texas (USA).
RedLine and META are sold through a decentralized ‘Malware-as-a-service’ (MaaS) model, where cybercriminals purchase a license to use them and then develop their own campaigns, distributed via email and fraudulent ‘software’ download sites.
This Monday an international coalition, led by the Netherlands National Police, managed to take down the operations of both ‘infostealers’ within the framework of the so-called Operation Magnus, executed by the Joint Task Force against Cybercrime (JCAT) with support from Europol.
The Prosecutor’s Office, the National Police of the Netherlands and the Cybercrime team of Limburg (Dutch province), the Prosecutor’s Office and the Belgian General Police, the Polícia Judiciária of Portugal, the Australian and Belgian Federal Police, and several US agencies, including the Naval Criminal Investigative Service, the Army Criminal Investigation Division, and the Federal Bureau of Investigation (FBI), have been involved in this operation.
This dismantling was possible after victims reported these attacks and a cybersecurity company warned of the possible existence of servers linked to RedLine and META located in the Netherlands. Thus, they discovered that more than 1,200 servers were running them around the world.
The European Union Agency for Cooperation in Criminal Justice (Eurojust), which has also coordinated the operation, has served as a platform between the different participating nations to exchange information aimed at taking down the systems of these ‘malware’ variants.
This body has indicated that three of the servers involved in these activities were dismantled in the Netherlands, where two domains were also confiscated; while the Belgian authorities dismantled several RedLine and META communication channels.