
RedLine Stealer | Breaking Cybersecurity News | The Hacker News

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

Apr 21, 2024 Malware / Cryptocurrency
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine Stealer, first documented in March 2020, is typically delivered via email and malvertising campaigns, either directly or via exploit kits and loader malware like dotRunpeX and HijackLoader. The off-the-shelf malware is capable of harvesting information from cryptocurrency wallets, VPN software, and web browsers, such as saved credentials, autocomplete data, credit card information, and geolocations based on the victims' IP addresses. Over the years, RedLine Stealer has been co-opted by several threat actors into their attack chains, making it a prevalent strain spanning North America, South America,
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities

Nov 18, 2022
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped alongside other malware families, LodaRAT has also been observed being delivered through a previously unknown variant of another commodity trojan called Venom RAT, which has been codenamed S500. An AutoIT-based malware, LodaRAT (aka Nymeria) is attributed to a group called Kasablanca and is capable of harvesting sensitive information from compromised machines. In February 2021, an Android version of the malware sprang forth as a way for the threat actors to expand their attack surface. Then in September 2022, Zscaler ThreatLabz uncovered a new delivery mechanism that involved