Two of the biggest infostealer malware strains around today have been hit by significant disruption by a major police operation.
The Dutch National Police engaged in Operation Magnus, together with the US Federal Bureau of Investigation (FBI) and other unnamed partners, to take down RedLine and Meta.
In a website propped up for this occasion only, it says, “involved parties will be notified, and legal actions are underway.”
No patch yet
RedLine and Meta are widely known infostealers used by cybercriminals to harvest sensitive data from compromised systems. RedLine, often sold on underground forums, specializes in collecting credentials, cookies, and system information from browsers and applications, making it popular in phishing campaigns and botnets. Meta, emerging as a recent competitor, operates similarly by targeting login details, credit card information, and cryptocurrency wallets.
Both malware strains employ advanced evasion techniques to bypass antivirus detection, allowing attackers to extract valuable data without being easily detected. Their affordability and ease of use make them accessible to a range of threat actors, increasing the risk for individuals and businesses alike.
The Operation Magnus website also hosts a short video clip, explaining what happened.
“We gained full access to all Redline and Meta servers. Did you know that they’re pretty much the same?”, it was said in the video.
“This version of RedLine and Meta include unique insights in your data. Usernames, passwords, IP addresses, timestamps, registration date, and much more. All the RedLine and Meta source code. Including the license servers, REST-API-servers, panels, stealers, and Telegram bots.”
The clip concludes by stating that the law enforcement considers all RedLine and Meta users as VIPs, “where VIP means Very Important to the Police”, while showing a scrolling list with all the names of the infostealing users.
“We are looking forward to seeing you soon,” the police concluded. There has been no word of arrests, but there is a countdown timer on the site, suggesting that additional announcements will be made soon.
This fake Windows news site is spreading malware via hacked Google adsHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now