RedLine info stealer disrupted by dismantled GitHub repositories

Operations of the RedLine information-stealing malware, which is offered under a stealer-as-a-service business model, have been disrupted after the GitHub repositories used by its control panels were dismantled, SecurityWeek reports. RedLine has been gaining traction among threat actors, with the malware distributed through fraudulent Adobe Acrobat Sign signature requests, malicious Microsoft OneNote files, and the PureCrypter downloader. Researchers from ESET and Flare determined that four GitHub repositories were being used by the malware's control panels as dead-drop resolvers, the locations from which the panels retrieve the information needed to reach and authenticate to the back-end infrastructure. GitHub suspended the repositories after being notified by the researchers, disrupting the info stealer's operations. "No fallback channels were observed. The removal of these repositories should break authentication for panels currently in use. While this doesn't affect the actual back-end servers, it will force the RedLine operators to distribute new panels to their customers," said ESET in a tweet.
