According to Insikt Group analysts, the vast majority of stolen credentials that are sold on two large underground darknet marketplaces are collected using the RedLine Stealer malware.
RedLine Stealer was first discovered in March 2020. Malware can extract credentials from browsers, FTP clients, email, instant messengers, and VPNs. In addition, the malware can steal authentication cookies and card numbers stored in browsers, chat logs, local files and databases of cryptocurrency wallets.
Initially, this malware was sold on hack forums called REDGlade, but after the tool received positive reviews, pirated versions of RedLine Steale began to appear on the same forums. As a result, by August of this year, this allowed malware to spread among intruders quite widely, and they did not even have to pay for using the malware. At the same time, the researchers note that the paid version of RedLine Steale has also found its customers.
The findings of Insikt Group experts echo a similar report from KELA, dated February 2020. Then the researchers found that about 90% of the stolen credentials on the Genesis Market were obtained as a result of attacks on the AZORult infostiler.
These findings suggest that underground marketplaces are highly fragmented and usually work with their own specific suppliers. Similarly, legitimate marketplaces have their own preferences in choosing business partners.
RedLine Stealer was first discovered in March 2020. Malware can extract credentials from browsers, FTP clients, email, instant messengers, and VPNs. In addition, the malware can steal authentication cookies and card numbers stored in browsers, chat logs, local files and databases of cryptocurrency wallets.
Initially, this malware was sold on hack forums called REDGlade, but after the tool received positive reviews, pirated versions of RedLine Steale began to appear on the same forums. As a result, by August of this year, this allowed malware to spread among intruders quite widely, and they did not even have to pay for using the malware. At the same time, the researchers note that the paid version of RedLine Steale has also found its customers.
The findings of Insikt Group experts echo a similar report from KELA, dated February 2020. Then the researchers found that about 90% of the stolen credentials on the Genesis Market were obtained as a result of attacks on the AZORult infostiler.
These findings suggest that underground marketplaces are highly fragmented and usually work with their own specific suppliers. Similarly, legitimate marketplaces have their own preferences in choosing business partners.
