On October 28, 2024, the Dutch National Police and the United States Federal Bureau of Investigation (FBI), along with other partners that make up the international law enforcement task force Operation Magnus, seized at least two web domains (fivto.online and spasshik.xyz), 1,200 servers and several communications channels (including Telegram servers) tied to the RedLine and Meta infostealers. The malware was sold to customers for $100-150 as “Malware-as-a-service” and was distributed to victims through malvertising, email phishing, fraudulent software downloads and sideloads, and COVID- or Windows Update-related ruses.
The United States Dept. of Justice has also filed charges against Russian national Maxim Rudometov, one of the developers and administrators of the RedLine malware that went under the monikers “Dendimirror” and “Allinchok.” Rudometov is charged with:
- Access Device Fraud (18 U.S.C. § 1209)
- Conspiracy to commit computer intrusion (18 U.S.C. § 1030 and 371)
- Money laundering (18 U.S.C. § 1956)
The malware has been on our radar since September 26, 2021 and has often been tied to fake Android rooting software and malicious game downloads or Nitro generators spread through Discord.