“RedLine Stealer takes advantage of the current COVID crisis and that trend is expected to continue. While it is not designed to have a catastrophic effect on the compromised machine, the information it steals can be used for malicious actions by the same cybercriminal or sold to another threat actor for future activity,” FortiGuard Labs said.
What is the RedLine Stealer?
“The first reports of the RedLine Stealer date back to at least March 2020 and it quickly became one of the most popular information stealers being sold on underground digital marketplaces,” Fortinet notes.
The report adds that the malware emerged just as the world began to deal with a growing number of COVID patients, which may have led its developers to use the virus as a decoy.
The uncertainty around Omicron has created a scenario similar to the one at the beginning of the pandemic, so the lure used to deceive victims may be the same. The malware itself, however, now includes changes and improvements that make it more dangerous.
How is the malware distributed?
FortiGuard Labs noted that it suspects this malicious file is being distributed via email, just like previous versions of RedLine Stealer.
“The filename of this current variant, ‘Omicron Stats.exe’, was used just as the Omicron variant was becoming a global concern, following the pattern of previous (malware) versions. And since this malware is embedded in a document designed to be opened by the victim, we have concluded that email is also the infection vector.”