RedLine
Description
(Cofense) RedLine Stealer, first seen in 2020, is probably the most well-known stealer on this list. It uses Simple Object Access Protocol (SOAP) for communication with its command-and-control center and can use a variety of plugins. It’s used to collect information from various installed programs including credentials stored in browsers, email applications, as well as cryptocurrency wallet data. RedLine Stealer is often associated with sophisticated phishing campaigns that, after a successful infection, can deliver additional payloads like ransomware or more advanced malware.
Names
| Name |
|---|
| RedLine |
| RedLine Stealer |
Category
Malware
Type
- Backdoor
- Info stealer
Information
- https://cofense.com/blog/luxury-hotels-remain-target-of-social-engineering-attack/
- https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html
- https://www.infosecurity-magazine.com/news/redline-stealer-malware-scrubcrypt/
- https://unit42.paloaltonetworks.com/malware-configuration-extraction-techniques-guloader-redline-stealer/
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/
- https://www.bleepingcomputer.com/news/legal/redline-meta-infostealer-malware-operations-seized-by-police/
- https://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers
- https://www.welivesecurity.com/en/eset-research/life-crooked-redline-analyzing-infamous-infostealers-backend/
- https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-state-hackers-tied-to-redline-malware/
Other Information
Uuid
20c23064-7901-44cf-a07c-fe528fa60ab9
Last Card Change
2025-06-28