fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New RedLine Malware Version Spread as Fake Omicron Stat Counter

New RedLine Malware Version Spread as Fake Omicron Stat Counter

A new variant of the RedLine info-stealer is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure.

RedLine is a widespread commodity malware sold to cyber-criminals for a couple of hundred USD. It supplies dark web markets with over half of the stolen user credentials sold to other threat actors.

The malware is actively developed and continually improved with widespread deployment using multiple distribution methods.

RedLine targets user account credentials stored on the browser, VPN passwords, credit card details, cookies, IM content, FTP credentials, cryptocurrency wallet data, and system information.

The most recent variant was spotted by analysts at Fortinet, who noticed several new features and improvements on top of an already information-stealing functionality.

Also Read: 10 Simple and Useful Tips On Agreement Drafting Services

Targeting additional data

The new variant has added some more information points to exfiltrate, such as:

  • Graphics card name
  • BIOS manufacturer, identification code, serial number, release date, and version
  • Disk drive manufacturer, model, total heads, and signature
  • Processor (CPU) information like unique ID, processor ID, manufacturer, name, max clock speed, and motherboard information

This data is fetched upon the first execution of the “Omicron Stats.exe” lure, which unpacks the malware and injects it into vbc.exe.

The additional apps targeted by the new RedLine variant are the Opera GX web browser, OpenVPN, and ProtonVPN.

Previous versions of RedLine targeted regular Opera, but the GX is a special “gamer-focused” edition growing in popularity. 

Moreover, the malware now searches Telegram folders to locate images and conversation histories and send them back to the threat actor’s servers.

Finally, local Discord resources are more vigorously inspected to discover and steal access tokens, logs, and database files.

New RedLine variant searching for Discord logs
New RedLine variant searching for Discord logs
Source: Fortinet

Campaign characteristics

While analyzing the new campaign, researchers found an IP address in Great Britain communicating with the command and control server via the Telegram messaging service.

The victims are spread across 12 countries, and the attack doesn’t focus on specific organizations or individuals.

Also Read: Top 5 Impact of Data Loss on Business

“This variant uses 207[.]32.217.89 as its C2 server through port 14588. This IP is owned by 1gservers,” explains the Fortinet report

“Over the course of the few weeks after this variant was released, we noticed one IP address (149[.]154.167.91) in particular communicating with this C2 server.”

As this is a new version of RedLine, we will likely see other threat actors adopt its use soon.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us