International Sting Unravels Malware Stealing Crypto and Financial Data
The U.S. Department of Justice (DOJ) has joined an international crackdown on infostealer malware, seizing servers, domains, and crypto accounts linked to the theft of millions of credentials.
International Operation Disrupts Redline and META Infostealers
The U.S. Department of Justice (DOJ) announced Tuesday a coordinated international operation to disrupt Redline and META infostealers, malware that has stolen sensitive information from millions of devices worldwide.
Collaborating with the Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS) Criminal Investigation, Naval Criminal Investigative Service, Army Criminal Investigation Division, and multiple international agencies, the DOJ worked within Europol’s Joint Cybercrime Action Taskforce (JCAT) under “Operation Magnus.” The action, which also involved authorities in the Netherlands and Belgium, targeted the infrastructure of these infostealers by seizing the domains, servers, and Telegram accounts used for their distribution and management. The DOJ noted:
Infostealers are a prevalent form of malware used to steal sensitive information from victims’ computers, including usernames and passwords, financial information, system information, cookies, and cryptocurrency accounts.
Redline and META are distributed through a decentralized Malware-as-a-Service (MaaS) model, allowing affiliates to purchase licenses and conduct independent campaigns using techniques like phishing, malvertising, and fake software downloads.
The stolen data, known as “logs,” includes usernames, passwords, and financial data, and is often sold on dark web forums for further exploitation. “While an exact number has not been finalized, agents have identified millions of unique credentials (usernames and passwords), email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc. The United States does not believe it is in possession of all the stolen data and continues to investigate,” officials stated.
Charges were also unsealed against Maxim Rudometov, identified as a key developer and administrator of Redline. The DOJ stated:
According to the complaint, Rudometov regularly accessed and managed the infrastructure of Redline Infostealer, was associated with various cryptocurrency accounts used to receive and launder payments, and was in possession of Redline malware.
Rudometov faces charges of access device fraud, conspiracy to commit computer intrusion, and money laundering, carrying a maximum combined sentence of 35 years if convicted. This operation, the DOJ emphasized, underscores its commitment to curbing global cyber threats through collaboration with international law enforcement.