
Red-Line Self-Spreading Stealer Attacks Gamers Via YouTube And Cheats


An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive, or another file with installer-type functionality) recently caught our eye.

Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients, and desktop messengers.

It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.

The stealer can pinch usernames, passwords, cookies, bank card details, and autofill data from Chromium- and Gecko-based browsers, data from crypto wallets, instant messengers, and FTP/SSH/VPN clients, as well as files with particular extensions from devices.

In addition, RedLine can download and run third-party programs, execute commands in cmd.exe and open links in the default browser. The stealer spreads in various ways, including through malicious spam e-mails and third-party loaders.

What’s Inside The Red-Line

The discovered bundle is of note for its self-propagation functionality. Several files in the bundle are responsible for this: they receive videos and post them to the infected users’ YouTube channels, placing links to a password-protected archive containing the bundle in the video description.

The videos advertise cheats and cracks and provide instructions on hacking popular games and software.

Among the games mentioned are APB Reloaded, CrossFire, DayZ, Dying Light 2, F1® 22, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Osu!, Point Blank, Project Zomboid, Rust, Sniper Elite, Spider-Man, Stray, Thymesia, VRChat, and Walken.

According to Google, hacked channels were quickly terminated for violation of the company’s Community Guidelines.

Attacks On Gamers Have Spiraled

Cybercriminals actively hunt for gaming accounts and gaming computer resources. As we noted in our overview of gaming-related cyber threats, stealer-type malware is often distributed under the guise of game hacks, cheats, and cracks.

The self-spreading bundle with RedLine is a prime example of this: cybercriminals lure victims with ads for cracks and cheats, as well as instructions on how to hack games.

At the same time, the self-propagation functionality is implemented using relatively unsophisticated software, such as a customized open-source stealer.

All in all, this is further proof, if any were needed, that illegal software should be treated with extreme caution.
