redline (5)

A global law enforcement operation has disrupted infrastructure for the Redline and Meta info stealers, malware tools that cybercriminal groups use to steal sensitive personal data. Operation Magnus took place on 28 October 2024, with law enforcement shutting down three servers in the Netherlands used to run the malware and seizing two domains. This means the malware no longer functions and cannot currently be used to steal new data from infected victims.
See: https://redskyalliance.org/xi

GitHub’s extensive community and features make it a continued target for threat actors. This week, security researchers identified a network of 3000 fake GitHub accounts pushing infostealing malware through the platform’s repositories as well as compromised WordPress sites. The malware Distribution-as-a-Service (DaaS), dubbed ‘Stargazers Ghost Network’, delivers variants of RedLine, Lumma Stealer, Rhadamanthys, RisePro, and Atlantida Stealer, all packaged in password-protected archives.

Attrib

Recently, cyber threat actors have been observed using AI-generated YouTube videos to spread various stealer malware such as Raccoon, RedLine, and Vidar. The videos lure users by pretending to be tutorials on downloading cracked software versions such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other licensed products available only to paid users. Nothing is free on the Internet; you may be paying with a malware infection.

See:  https://redskyalliance.org/xindustry/raccoon-pass

RisePro is an information-stealing malware that was first discovered in mid-December 2022. The earliest log recording from this malware, as of the time of this writing, was December 12th, 2022. The logs found were posted to Russian Market, which is a log shop that is like other markets, such as Genesis. There appeared to be multiple thousands of logs posted [2]. RisePro appears to be written in C++ and acts similarly to the “Vidar” malware. According to a Joe Sandbox analysis, RisePro exhib

Activity Summary - Week Ending 30 July 2021:

  • Red Sky Alliance identified 29,998 connections from new unique IP addresses
  • Analysts identified 7,608 new IP addresses participating in various Botnets
  • Do you use Cucurut on YouTube?
  • ‘dmechant’ Malware - Still on the Radar
  • Candiru’s Spyware
  • Google Chrome Security update
  • DNS Cache Poisoning
  • RedLine Malware and the Olympics
  • Israel and Japan working to Protect the Olympics
  • IceFog at the Summer Olympics?
  • BlackMatter group

Link to full report: IR-21-211