RedLine Stealer.

A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024. Es gehört zur Kategorie Schadsoftware der Cybersicherheit.

A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024.

RedLine Stealer is a .NET-based Windows information stealer sold on Russian-speaking forums from around 2020 and the most prolific commodity stealer of 2021–2023. Standard capabilities include extraction of saved browser passwords, cookies, autofill, and crypto-extension data from Chromium and Gecko browsers; cryptocurrency wallet files; FTP/VPN/Steam/Discord/Telegram credentials; system fingerprinting; and an exfiltration channel to operator-controlled control servers, often with logs sold further on 'cloud of logs' marketplaces (RussianMarket, 2easy, Genesis successors). RedLine was distributed via cracked software, malvertising, YouTube/SEO baits, malicious Office docs, GitHub releases, and bundled with loaders such as Smoke or PrivateLoader. Stolen RedLine logs underpinned a sizeable share of credential-stuffing and initial-access broker activity through 2023. In October 2024 the U.S. DOJ, Dutch police, Eurojust, Microsoft, ESET, and others ran Operation Magnus, seizing infrastructure for RedLine and its sibling Meta Stealer, charging the alleged developer Maxim Rudometov, and publishing samples that enabled global cleanup. Activity dropped sharply but did not disappear.

Schutzmaßnahmen gegen RedLine Stealer kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: RedLine, Meta Stealer (sibling).