The RedLine Stealer

The RedLine Stealer

How Critical Insight stopped a new kind of malware for a healthcare organization.

Jake Milstein avatar

Jake Milstein

Chief Marketing Officer

An organization focused on education stopped the spread of malware in their organization with help from Critical Insight. The Critical Insight SOC processed multiple alerts at 6:30a.m. for suspicious activities. When an analyst investigated, he found the “RedLine Stealer” Trojan active on the network. The analyst found the malware was attempting to make outbound connections to East Africa. RedLine Stealer is designed to steal information such as cached browser data, logins, passwords, cookies (user site credentials), as well as credit card information. It is also used to take information from the victim’s computer such as IP, country, city, current username, keyboard layout, operating system, etc. Items like IP, country, city and keyboard layout make the other information taken more valuable on the dark web for sale to people targeting by location or language. Once the information is stolen, it can be sold from criminal to criminal and leveraged to steal money, secrets, or insert ransomware.

Of course, as soon as the SOC notified the victim organization, Critical Insight and the organization’s IT team worked together on remediation. The victim isolated and rebuilt the impacted computer. The SOC did a deep investigation to determine whether the Trojan had spread beyond the single computer, but because the SOC had caught the malware so quickly, the Trojan had not spread.

While it’s unclear exactly how RedLine Stealer ended up on the network, there are multiple reports of criminals using “Windows 11 Download” sites and ads to trick victims. HP researchers found a malicious actor who registered windows-upgraded[.]com to trick people and get them to download RedLine Stealer. And Fortinet researchers found RedLine Stealer disguised as Covid phishing bait in a file called “Omicron Stats.exe.”

“Since malware like RedLine Stealer is built to evade standard cybersecurity software, only organizations with comprehensive cybersecurity defenses that include a 24x7 SOC can quickly catch malware like this,” said Critical Insight CTO Mike Simon.

The good news is that the SOC caught the criminals before they did damage.

Critical Insight contact background

Talk to one of our cybersecurity experts

245 4th St Ste 405Bremerton, WA 98337

Looking for careers?

View all job openings

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.