Data Security, Malware

More sophisticated, stealthy RedLine Stealer variant emerges


Information-stealing trojan RedLine Stealer has gained a more advanced variant that leverages Lua bytecode and spoofs game cheats to increase its stealth, The Hacker News reports.

Attacks involved the abuse of GitHub to deliver a ZIP archive masquerading as a game cheat, including an MSI installer that runs malicious Lua bytecode, avoiding easily flagged script types such as PowerShell and JScript while concealing malicious strings, a report from McAfee Labs revealed. Further examination of the attack chain showed that the installer's "compiler.exe" executable establishes persistence before being run under a new name, after which it carries out command-and-control communications, screenshot capturing, and data exfiltration, researchers said.
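The chain above hinges on Lua bytecode being embedded in an installer-dropped executable rather than shipped as a readable script. One cheap triage check a defender can run over dropped files is to look for the Lua bytecode chunk signature (ESC followed by "Lua", then a version byte) inside binaries that have no business carrying it. The following is an added example written for this page, not code from McAfee Labs, SC Media or the RedLine report; the sample loader blob is constructed here and the `MZ` check is a simple heuristic for Windows executables.

```python
import os
from typing import Iterator

# Lua bytecode chunks start with ESC 'L' 'u' 'a' followed by a version byte
# (0x51 .. 0x54 for Lua 5.1 .. 5.4). Both constants are the real Lua format.
LUA_SIGNATURE = b"\x1bLua"
LUA_VERSIONS = {0x51: "5.1", 0x52: "5.2", 0x53: "5.3", 0x54: "5.4"}


def find_lua_bytecode(data: bytes) -> list[dict]:
    """Return every Lua bytecode chunk header found in a byte blob.

    Each hit records the byte offset of the signature and the Lua version
    the chunk claims. Overlapping matches are not possible because the
    signature starts with a byte (0x1b) that does not recur inside it.
    """
    hits = []
    start = 0
    while True:
        idx = data.find(LUA_SIGNATURE, start)
        if idx == -1:
            break
        version_byte = data[idx + 4] if idx + 4 < len(data) else None
        hits.append({
            "offset": idx,
            "version": LUA_VERSIONS.get(version_byte, "unknown"),
        })
        start = idx + len(LUA_SIGNATURE)
    return hits


def is_executable_with_lua(data: bytes) -> bool:
    """Heuristic: a Windows PE image (MZ header) embedding Lua bytecode.

    A legitimate Lua interpreter may also match, so treat this as a reason
    to look closer, not as a verdict.
    """
    return data[:2] == b"MZ" and bool(find_lua_bytecode(data))


def scan_directory(root: str) -> Iterator[tuple[str, list[dict]]]:
    """Walk a directory and yield (path, hits) for files carrying Lua bytecode."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            hits = find_lua_bytecode(data)
            if hits:
                yield path, hits


# Constructed sample: a fake MZ header, 60 bytes of padding, then a Lua 5.4
# chunk header (signature, version byte, format byte, LUAC_DATA) and some
# filler. It is not a real binary from the campaign.
SAMPLE_LOADER = (
    b"MZ\x90\x00"
    + b"\x00" * 60
    + b"\x1bLua\x54\x00\x19\x93\r\n\x1a\n"
    + b"print('hello')"
)

if __name__ == "__main__":
    print(find_lua_bytecode(SAMPLE_LOADER))
    print(is_executable_with_lua(SAMPLE_LOADER))
    for path, hits in scan_directory("."):
        print(path, hits)
```

Run it against a quarantine or download directory with `scan_directory`; a hit on a file that is neither a Lua interpreter nor a known Lua-based application is worth pulling for analysis.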

Such findings follow a report from Recorded Future's Insikt Group describing a widespread Russian cybercrime operation using fraudulent Web3 gaming lures to facilitate the distribution of numerous information-stealing malware, including RisePro, Atomic macOS Stealer, Rhadamanthys, and Stealc.
