Security experts from ESET have successfully disrupted the operations of the RedLine Stealer, a .NET-based info stealing malware that has been active since early 2020, with the assistance of GitHub. ESET researchers, along with Flare, teamed up to curb the operations of the malware operators.
During their analysis, the experts discovered that the malware control panels were using GitHub repositories as dead-drop resolvers. ESET shared their findings with GitHub, leading to the immediate suspension of the identified repositories.
The RedLine Stealer is known for its ability to steal sensitive information, including credentials, cookies, browser history, credit card data, and crypto wallets, from infected systems. Considered a commodity malware available through a malware-as-a-service model, the RedLine Stealer has been a persistent threat since its emergence in early 2020.
By identifying specific GitHub repositories used by the malware operators, ESET researchers were able to disrupt the control panels of the malware.
The removal of the identified repositories made the control panels of the RedLine Stealer unusable, as no fallback channels were observed by the experts. As a result, the operators behind the malware will be forced to set up new panels to recover their operations.
The collaboration between ESET, GitHub, and Flare serves as an example of how security experts are actively working to disrupt and combat the operations of malware operators, thereby safeguarding sensitive information and protecting against cyber threats.
