The threat landscape in H2 2024 was quite tumultuous when it comes to some of the most prominent infostealer threats. One of them, the notorious #RedLine Stealer, finally met its demise after being taken down by law enforcement in #OperationMagnus.

The power vacuum left by RedLine’s takedown will likely lead to a bump in the activity of other #MaaS infostealers – this was already reflected in a dramatic increase in detections for Lumma Stealer and Formbook.

In ESET telemetry data, Formbook replaced Agent Tesla as the No. 1 infostealer after its detections shot up by more than 200%. Despite operating since 2016, this MaaS threat is constantly under development, which explains why it is still used so frequently by cybercriminals.

Meanwhile, Lumma Stealer had a busy period: its numbers skyrocketed by almost 400% between H1 and H2 2024, it accounted for about 75% of cryptostealer detections, and it even reared its ugly head in a campaign targeting players of Hamster Kombat 🐹⚔️, a mobile clicker game.

To read more about the upheaval in the infostealer threat landscape, head on over to the H2 2024 #ESETThreatReport: https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-threat-report-h22024.pdf

#ESETresearch

Operation Magnus: International criminal investigators take down large malware platform

Investigators from Europe and the United States, among others, have taken a malware platform offline. It distributed the infostealers RedLine and Meta worldwide.

heise online

RedBeard > RedLine.

Blogpost coming soon™ #MalwareAnalysis #OperationMagnus

Dutch police have updated their report on Operation Magnus to state (the following is a Google machine translation):

"To date, the United States authorities have charged one administrator and the Belgian police have arrested two people. One person has since been released, the other person is still in custody. This is a customer of the infostealer. A search was also carried out in his home. The seized data is being investigated. Follow-up actions and arrests cannot be ruled out."

https://www.politie.nl/nieuws/2024/oktober/29/internationale-opsporingsdiensten-ontmantelen-infostealers.html

#infostealer #RedLine #META #OperationMagnus

International investigative services dismantle infostealers

In an internationally coordinated action by investigative services, the infostealers RedLine and META were dismantled on Monday, 28 October. Team Cybercrime Limburg made an important contribution to dismantling the technical infrastructure of this software, which is specifically designed to steal sensitive data from the computers of unsuspecting victims. A large amount of data was also seized in the process. The action took place as part of Operation Magnus.

The U.S. Attorney's Office for the Western District of Texas has issued a press release about Operation Magnus. Their press release also reveals a warrant used to seize two domains used for C&C by the RedLine and META infostealers.

They also unsealed charges against Maxim Rudometov, believed to be a developer and administrator of RedLine.

https://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers

domain warrant: https://www.justice.gov/usao-wdtx/media/1375141/dl?inline

Rudometov complaint:
https://www.justice.gov/usao-wdtx/media/1375146/dl?inline

#infostealer #RedLine #META #malware #OperationMagnus

U.S. Joins International Action Against RedLine and META Infostealers

In a joint disruption effort with EuroJust and other partners, the DOJ unsealed a warrant issued in the Western District of Texas that authorized law enforcement to seize two domains used by RedLine and META for command and control, along with a complaint charging Maxim Rudometov, one of the developers and administrators of RedLine Infostealer.

Operation Magnus: Infostealers RedLine and MetaStealer dismantled

Operation Magnus: Authorities dismantle infostealer networks. A successful strike against RedLine and MetaStealer stops digital data theft.

TARNKAPPE.INFO