Threat actors have been leveraging cheat lures for the Valorant first-person shooter game to distribute the RedLine information stealer, according to BleepingComputer.
Researchers from ASEC discovered that Valorant players are being lured by YouTube videos offering Valorant cheats in the form of an auto-aiming bot available through the video's description. However, attempting to download the file redirects to an anonfiles page hosting a RAR archive that contains the "Cheat installer.exe" executable, which is a copy of the RedLine stealer.
RedLine stealer not only exfiltrates basic data, including computer names and IP addresses, but also steals information from web browsers, cryptocurrency wallets, and VPN clients, as well as other apps and programs, such as Discord, Steam, FileZilla, and Minecraft, researchers said. They added that the data collected by the information stealer is compiled into a ZIP archive before being exfiltrated through a WebHook API POST request sent to a Discord server.
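The exfiltration step described above can be hunted for in proxy or EDR network logs. The following is an added example, not code from ASEC or BleepingComputer: it flags POST requests to Discord webhook endpoints made by processes other than the Discord client. The JSON log schema, the allowlist and the sample records are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

DISCORD_HOSTS = {"discord.com", "discordapp.com"}  # hosts serving the webhook API
# Assumption: processes expected to talk to Discord in this environment.
EXPECTED_PROCESSES = {"discord.exe"}

# Constructed sample records (hypothetical proxy/EDR schema, one JSON object per line).
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:02:11Z","host":"PC-17","process":"Discord.exe","method":"POST","url":"https://discord.com/api/v9/channels/111/messages","content_type":"application/json","bytes_out":412}
{"ts":"2024-01-01T10:05:40Z","host":"PC-17","process":"Cheat installer.exe","method":"POST","url":"https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN","content_type":"multipart/form-data; boundary=x","bytes_out":1843200}
{"ts":"2024-01-01T10:06:02Z","host":"PC-22","process":"chrome.exe","method":"GET","url":"https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN","content_type":"","bytes_out":0}
{"ts":"2024-01-01T10:07:30Z","host":"PC-31","process":"powershell.exe","method":"POST","url":"https://ptb.discordapp.com/api/v10/webhooks/000000000000000001/EXAMPLE-TOKEN","content_type":"application/json","bytes_out":260}
"""

def is_discord_host(hostname):
    hostname = (hostname or "").lower()
    return any(hostname == h or hostname.endswith("." + h) for h in DISCORD_HOSTS)

def find_webhook_exfil(log_text):
    """Return one finding per POST to a Discord webhook from an unexpected process."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort the hunt
        if not isinstance(rec, dict):
            continue
        url = urlsplit(rec.get("url", ""))
        parts = url.path.split("/")
        if rec.get("method", "").upper() != "POST" or not is_discord_host(url.hostname):
            continue
        # Webhook path: /api/webhooks/<id>/<token> or /api/v<N>/webhooks/<id>/<token>
        if len(parts) < 4 or parts[1] != "api" or "webhooks" not in parts[2:4]:
            continue
        if rec.get("process", "").lower() in EXPECTED_PROCESSES:
            continue
        idx = parts.index("webhooks")
        findings.append({
            "ts": rec.get("ts"), "host": rec.get("host"), "process": rec.get("process"),
            # Keep only the webhook id; the token after it is a secret and is not recorded.
            "webhook_id": parts[idx + 1] if idx + 1 < len(parts) else "",
            "file_upload": rec.get("content_type", "").lower().startswith("multipart/form-data"),
            "bytes_out": rec.get("bytes_out", 0),
        })
    return findings

if __name__ == "__main__":
    for finding in find_webhook_exfil(SAMPLE_LOG):
        print(finding)
```

A finding with `file_upload` set and a large `bytes_out` matches the ZIP-over-webhook pattern most closely; small JSON posts from scripts may be legitimate notifications and need triage against the allowlist.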