Criminals around the world are taking advantage of the wave of contamination of the Omicron variant of Covid-19 to use it as a theme in campaigns: Fortinet’s threat intelligence laboratory, FortiGuard Labs, has detected the appearance of a file called “Omicron Stats. exe”, the result of a variant of the Redline Stealer malware. The file contains malware that steals information from victims’ devices.
According to information compiled by the researchers, this variant of RedLine Stealer has already tried to kill victims in 12 countries, including some in Latin America and the Caribbean, and could reach Brazil at any time. This indicates that this is a pervasive attack and that the threat is not targeting specific organizations or individuals – it is a pervasive attack.
The “Omicron Stats.exe” file is being distributed via email and is primarily intended for the millions of Windows OS users worldwide. It is shipped embedded in a document designed for the victim to open and automatically downloads the malware.
RedLine Stealer looks for and attempts to steal the following stored browser data:
• Login data
• Web data
• Browser User Agent Details
• Autocomplete orders
• Personal information and credit cards
The malware also tries to collect the following system information:
• Graphics cards
• RAM memory
• Installed programs
• Processes running
• Languages installed
• User name
• Equipment serial number
RedLine Stealer’s first reports are from March 2020 and it has quickly become one of the most widespread information thieves sold on underground digital marketplaces. The information collected by RedLine Stealer is sold on the dark web marketplace for as little as $10 per set of user credentials. The malware emerged just as the world began to deal with an increasing number of Covid patients, prompting its developers to use fear and uncertainty as bait.
While not designed to have a catastrophic effect on the compromised machine, the stolen information can be used for malicious actions by the cybercriminal himself or sold to other criminals for future activities. Users should be aware and cautious with this type of email.
FortiGuard Labs provided the IPS signature “RedLine.Stealer.Botnet” for its foundation to detect RedLine Stealer communication with command and control (C2) servers and prevent exfiltration of critical information and data.