RedLine Stealer.

A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024. Cette notion relève de la catégorie Logiciels malveillants en cybersécurité.

A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024.

RedLine Stealer is a .NET-based Windows information stealer sold on Russian-speaking forums from around 2020 and the most prolific commodity stealer of 2021–2023. Standard capabilities include extraction of saved browser passwords, cookies, autofill, and crypto-extension data from Chromium and Gecko browsers; cryptocurrency wallet files; FTP/VPN/Steam/Discord/Telegram credentials; system fingerprinting; and an exfiltration channel to operator-controlled control servers, often with logs sold further on 'cloud of logs' marketplaces (RussianMarket, 2easy, Genesis successors). RedLine was distributed via cracked software, malvertising, YouTube/SEO baits, malicious Office docs, GitHub releases, and bundled with loaders such as Smoke or PrivateLoader. Stolen RedLine logs underpinned a sizeable share of credential-stuffing and initial-access broker activity through 2023. In October 2024 the U.S. DOJ, Dutch police, Eurojust, Microsoft, ESET, and others ran Operation Magnus, seizing infrastructure for RedLine and its sibling Meta Stealer, charging the alleged developer Maxim Rudometov, and publishing samples that enabled global cleanup. Activity dropped sharply but did not disappear.

Les défenses contre RedLine Stealer combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : RedLine, Meta Stealer (sibling).