Symantec has recently detected a RedLine Stealer malspam campaign targeting various industries in Vietnam, including oil and gas, industrial, chemical, hotel, and manufacturing sectors. The attackers impersonate a prominent oil and gas company specializing in exploration and production, using a fraudulent email to lure victims. The email invites recipients to submit a quotation for replacement and repair services at one of the company’s oil refineries, with the attached file posing as a Request for Quotation (RFQ). The email attachment, however, contains a malicious RAR archive that, once opened, executes the RedLine Stealer binary.
RedLine Stealer is a well-known infostealer that targets sensitive information, including login credentials, credit card details, browser history, and cryptocurrency wallet data. It is widely used by various cybercriminal groups and is known for its ability to exfiltrate data from compromised systems. Once the malware is installed, it silently collects valuable information from the victim’s device and sends it to a remote server or a Telegram channel controlled by the attacker. This enables the criminals to gather personal, financial, and corporate data for exploitation.
Symantec’s cybersecurity solutions are actively defending against this threat. The campaign has been detected using various security mechanisms, including adaptive-based, behavior-based, and machine learning techniques. Symantec’s products, including VMware Carbon Black and Symantec’s email security solutions, offer comprehensive coverage, detecting and blocking associated malicious indicators, including the RedLine Stealer. Furthermore, Symantec’s Email Threat Isolation (ETI) technology provides an additional layer of protection for its users.
To mitigate the impact of this campaign, Symantec recommends blocking all types of malware from executing, whether known, suspect, or potential unwanted programs (PUPs). Additionally, users are advised to delay execution for cloud scans, leveraging VMware Carbon Black Cloud’s reputation service to ensure that malware is detected before it can execute. These measures aim to reduce the likelihood of successful attacks while strengthening overall cybersecurity defenses against ongoing threats like RedLine Stealer.
Reference: