Experts temporarily disrupted the RedLine Stealer operations

Security experts from ESET have temporarily disrupted the operations of the RedLine Stealer with the help of GitHub.

The two companies teamed up with Flare to curb the operations of the malware operators. The experts discovered that the malware control panels use GitHub repositories as dead-drop resolvers.

#ESETResearch, with the help of @github, has temporarily disrupted the operations of #RedLineStealer. During a collaborative investigation with @flaresystems into the infamous stealer, we discovered that the control panels use GitHub repositories as dead-drop resolvers. 1/4 pic.twitter.com/7JjOSbYEBx

— ESET Research (@ESETresearch) April 17, 2023

RedLine is an info-stealing malware written in .NET that has been active since at least early 2020. The malware is able to steal sensitive information from infected systems, including credentials, cookies, browser history, credit card data, and crypto wallets. The info-stealer is considered a commodity malware that is available through a malware-as-a-service model.

By analyzing samples of the RedLine Stealer, the ESET researchers identified the following repositories:

github[.]com/lermontovainessa/Hub

github[.]com/arkadi20233/hub

github[.]com/ivan123iii78/hub

github[.]com/MTDSup/updateResolver

ESET shared its findings with GitHub, which immediately suspended the repositories.

The experts did not observe any fallback channels, which means that the removal of these repositories rendered the control panels currently in use unusable. The operators behind RedLine will be forced to set up and distribute new panels to recover their operations.

No fallback channels were observed. The removal of these repositories should break authentication for panels currently in use. While this doesn’t affect the actual back-end servers, it will force the RedLine operators to distribute new panels to their customers. 3/4 pic.twitter.com/amunD6j8Ly

— ESET Research (@ESETresearch) April 17, 2023
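Because the panels reach out to the four repositories named above, defenders can hunt for that traffic in web-proxy logs; a panel that keeps requesting a suspended repository (and now receives a 404) is still worth investigating. The following Python is an added example and is not part of the original article or of ESET's research: the log format, the client addresses and the file paths in the sample lines are constructed, and only the four owner/repository paths come from the article.

```python
from urllib.parse import urlsplit

# Repository paths published by ESET (de-fanged in the article), normalised to
# lowercase because GitHub treats owner and repository names case-insensitively.
REDLINE_DEAD_DROP_REPOS = {
    "lermontovainessa/hub",
    "arkadi20233/hub",
    "ivan123iii78/hub",
    "mtdsup/updateresolver",
}

# Both the web UI host and the raw-content host expose the same owner/repo prefix.
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com"}

# Constructed sample proxy log (not real traffic), one request per line:
# "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2023-04-17T10:01:02Z 10.0.0.15 GET https://github.com/lermontovainessa/Hub/raw/main/resolver.txt 200
2023-04-17T10:01:05Z 10.0.0.22 GET https://github.com/python/cpython 200
2023-04-17T10:02:11Z 10.0.0.15 GET https://raw.githubusercontent.com/MTDSup/updateResolver/main/servers 200
2023-04-17T10:03:40Z 10.0.0.31 GET https://example.com/arkadi20233/hub 200
2023-04-17T10:04:00Z 10.0.0.40 GET https://github.com/ivan123iii78/hub 404
"""


def repo_from_url(url):
    """Return 'owner/repo' in lowercase when url points at a GitHub repository, else None.

    The raw host uses /owner/repo/branch/file, the web host /owner/repo/..., so the
    first two path segments identify the repository on both.
    """
    parts = urlsplit(url)
    if parts.hostname not in GITHUB_HOSTS:
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        return None
    return f"{segments[0]}/{segments[1]}".lower()


def find_dead_drop_hits(log_text):
    """Return one dict per log line whose URL targets a known dead-drop repository.

    The HTTP status is kept: after GitHub's suspension a 404 against one of these
    repositories still means a panel on the client is trying to resolve its back end.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        timestamp, client, _method, url, status = fields[:5]
        repo = repo_from_url(url)
        if repo in REDLINE_DEAD_DROP_REPOS:
            hits.append({
                "timestamp": timestamp,
                "client": client,
                "repo": repo,
                "url": url,
                "status": status,
            })
    return hits


if __name__ == "__main__":
    for hit in find_dead_drop_hits(SAMPLE_PROXY_LOG):
        print(f"{hit['timestamp']} {hit['client']} -> {hit['repo']} (HTTP {hit['status']})")
```

The match is done on the owner/repository prefix rather than on the full URL so that any file or branch under a listed repository is caught, and a path that merely contains the same string on another host (the example.com line) is ignored. Run against the constructed log it reports three hits, two from the first client and one 404 from a client that is still trying to reach a repository that no longer exists.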


Pierluigi Paganini

(SecurityAffairs – hacking, RedLine)