Researchers at Bitdefender have outlined a new campaign using the RedLine Stealer. The malware-as-a-service scheme is providing low-level criminals with the ability to steal many different forms of sensitive data and the price point starts at $150. The campaign is targeting Windows PC’s in North America and Europe. The malware was first seen in 2020 but recent added features have created a spike in the usage of this malware. The campaign is being shared via emails with a malicious attachment, and once run, the process of installing the malware begins. The threat actors are also using the CVE-2021-26411 vulnerability in Internet Explorer to deliver the payload.
Analyst Notes
A patch for the Internet Explorer vulnerability was released last year. This is another example of threat actors taking advantage of old vulnerabilities to carry out attacks. It is important that when patches or updates are released, security teams test and implement the patches as soon as they can. The malware aims to steal usernames, passwords, VPN Credentials, text from files, and credit card data that is stored within browsers. As a rule, no data should be saved in browsers as it makes an easy target for threat actors to steal data. A better solution is to use a trustworthy password manager application to store passwords, and enable Multi-Factor Authentication (MFA) for email accounts and any sensitive accounts to protect them even when passwords are stolen.
https://www.zdnet.com/article/this-phishing-campaign-delivers-malware-that-steals-your-passwords-and-chat-logs/
