RedLine Stealer.

A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024. 它属于网络安全的 恶意软件 分类。

A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024.

RedLine Stealer is a .NET-based Windows information stealer sold on Russian-speaking forums from around 2020 and the most prolific commodity stealer of 2021–2023. Standard capabilities include extraction of saved browser passwords, cookies, autofill, and crypto-extension data from Chromium and Gecko browsers; cryptocurrency wallet files; FTP/VPN/Steam/Discord/Telegram credentials; system fingerprinting; and an exfiltration channel to operator-controlled control servers, often with logs sold further on 'cloud of logs' marketplaces (RussianMarket, 2easy, Genesis successors). RedLine was distributed via cracked software, malvertising, YouTube/SEO baits, malicious Office docs, GitHub releases, and bundled with loaders such as Smoke or PrivateLoader. Stolen RedLine logs underpinned a sizeable share of credential-stuffing and initial-access broker activity through 2023. In October 2024 the U.S. DOJ, Dutch police, Eurojust, Microsoft, ESET, and others ran Operation Magnus, seizing infrastructure for RedLine and its sibling Meta Stealer, charging the alleged developer Maxim Rudometov, and publishing samples that enabled global cleanup. Activity dropped sharply but did not disappear.

针对 RedLine Stealer 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: RedLine, Meta Stealer (sibling)。