It looks like information about Omicron, but it is malware to steal your browser passwords: this is how it works


RedLine malware, capable of stealing information and passwords from your computers, has taken a new form. In December we reported how RedLine Stealer managed to get hold of data from the password managers built into our browsers; now it is spreading through news about the new Covid-19 variant, Omicron.

Researchers at FortiGuard Labs, a unit within Fortinet, have discovered that the people behind the malware are trying to use the pandemic to steal information and credentials. The goal is then to sell those passwords, which cybercriminals can use, for example, to steal money.


This is how it works


RedLine is a relatively common malware that steals all the usernames and passwords it finds on the systems it manages to infect. Fortinet said that the RedLine Stealer variant in this case steals stored credentials for VPN applications such as NordVPN, OpenVPN and ProtonVPN.

It is believed that cybercriminals deliver a file to computers through emails. This file is called ‘Omicron Stats.exe’ and it turns out to be a variant of the RedLine Stealer malware, which has been known since March 2020, taking different forms and always with the aim of stealing passwords. The problem affects Windows users.

“According to information collected by FortiGuard Labs, the potential victims of this RedLine Stealer variant are spread across 12 countries. This indicates that this is a large-scale attack and that the threat actors are not targeting specific organizations or individuals,” the researchers said. RedLine Stealer is malware that has been active since at least March 2020. Fortinet found that it is very popular in the underground digital markets for the sale of malware. RedLine is for sale on underground forums for between $150 and $200.

Passwords are sold for 10 dollars


The researchers said that cybercriminals often use this malware to steal information and sell it on Dark Net markets “for as little as $10 for a user’s entire set of credentials”. The passwords of most interest are those used to access accounts for online payment portals, electronic banking services and file sharing tools, but also those used to access social networks.

The fact that this malware emerged in March 2020 and now manages to enter computers by offering information about the Omicron variant is no accident. According to the experts, “as the world began to grapple with the rising number of COVID patients and the growing fear and uncertainty that can make people let their guard down, and this may have led its developers to use COVID as their lure.”

A few weeks ago, Have I Been Pwned added 441,657 email addresses to its database after cybersecurity researcher Bob Diachenko discovered RedLine Stealer malware logs exposed online.

