
The Dutch Police, Politie, claim to have removed a major threat to organizations all over the world by dismantling two of the most notorious ‘infostealers’, software designed to breach computer systems to steal sensitive information.
“Operation Magnus,” conducted in collaboration with Team Cybercrime Limburg, is reported to have taken down the RedLine and META infostealers, which have been responsible for infecting millions of computers worldwide with malware, leaving them open to devastating ransomware attacks and other threats.
Politie was able to take both infostealers offline, rendering them nonfunctional and no longer able to steal new data from their infected victims. Additionally, they were able to take down several Telegram channels where the malware was being advertised, causing sales of RedLine and META to come to a halt.
Europol-backed “Operation Magnus” is a Joint Cybercrime Action Taskforce created to disrupt the operations of the infostealers RedLine and META. The US Department of Justice has also recently announced that it is joining the international disruption efforts against the infostealers, alongside police and criminal agencies in the Netherlands, Belgium, Australia, the UK, and Portugal.
RedLine, described as “one of the top malware variants in the world,” and META were reportedly being sold through a Malware-as-a-Service model, advertised in cybercrime forums, with some Telegram channels even offering customer support and software updates for customers purchasing the infostealers.
Cybercriminals would then reportedly purchase a license to use the malware and conduct cybercrime campaigns to target victims to steal their sensitive information. This stolen information, otherwise known as “logs,” could then be sold on cybercrime forums to be used for further illicit activities, such as identity theft or financial fraud. The malware would allegedly be distributed to victims through malicious advertising (malvertising), email phishing, and fraudulent software downloads.
Millions of users’ data has been recovered
Law enforcement agents have also recovered victim logs from computers infected with RedLine and META, and reportedly identified “millions of unique credentials, email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.” The US authorities have also announced that they don’t believe they have uncovered all stolen data and will continue their investigative efforts.
International authorities also created a website for the operation that states, “Involved parties will be notified, and legal actions are underway.”
The homepage now also includes a humorous video posing as an update announcement for the infostealers, joking that the “final update for RedLine and META” has been “made in partnership with international law enforcement.” They quipped that all users of RedLine and META were honored with “VIP status … where VIP means very important to the police”. The video concluded by thanking the user for installing the update, declaring, “We are looking forward to seeing you soon!” while a pair of hands in cuffs was displayed on the screen.