RedLine, Meta malwares meet their demise at hands of Dutch cops

The RedLine and Meta infostealer malwares, which have targeted millions of individuals globally, have been dismantled in a multinational law enforcement operation led by Dutch authorities and supported by agencies from Australia, Europe, the UK, and the US.

Operation Magnus, with assistance from the National Crime Agency (NCA), resulted in the seizure of three servers in the Netherlands, closure of two malicious web domains, and two arrests in Belgium.

In addition, US authorities have filed charges against Maxim Rudometov, the alleged developer and administrator of RedLine, accusing him of device access fraud, conspiracy to commit computer intrusion, and money laundering.

These malwares were utilized to steal personal data, such as usernames, passwords, financial information (including cryptocurrency data), and system data (like cookies) from infected devices. The stolen data was then sold to other malicious actors on dark web markets for illicit activities and subsequent cyber attacks.

Deputy director Paul Foster of the NCA National Cyber Crime Unit stated, “Redline and other ‘as-a-service’ models provide an all-inclusive and easily accessible way for less technically skilled cyber criminals to cause serious harm to victims worldwide. International collaboration is crucial in dismantling the criminal ecosystem supporting these services.”

The Joint Cybercrime Action Taskforce (JCAT) and Eurojust-supported operation was initiated following reports from victims and information provided by Eset researchers indicating the malwares’ C2 server infrastructure was based in the Netherlands.

Operation Magnus also led to the discovery and confiscation of a database containing RedLine and Meta “clients,” which will be used in legal proceedings. The NCA is actively pursuing further actions against cyber criminals involved in these malwares.

Individuals concerned about falling victim to RedLine or Meta infostealers can utilize the detection and scanning tool available on the Operation Magnus microsite developed by Eset.

Threat intel analyst Vlad Mironescu from Searchlight Cyber noted, “Infostealer malware is a popular tool for cyber criminals, used to harvest sensitive information and credentials. While the takedown of RedLine and Meta may not completely halt cyber criminals from accessing infostealers, it sends a strong message and may have a lasting impact.”