{"id":13524,"date":"2022-03-21T11:39:09","date_gmt":"2022-03-21T11:39:09","guid":{"rendered":"https:\/\/www.dfi.ch\/redline-malware\/"},"modified":"2022-09-01T12:49:18","modified_gmt":"2022-09-01T12:49:18","slug":"redline-malware","status":"publish","type":"post","link":"https:\/\/www.cheops-technology.ch\/en\/redline-malware\/","title":{"rendered":"REDLINE malware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"13524\" class=\"elementor elementor-13524 elementor-7019\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-60978a4c ot-traditional elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"60978a4c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6f521ce6 ot-flex-column-vertical\" data-id=\"6f521ce6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-14bb0a66 elementor-widget elementor-widget-text-editor\" data-id=\"14bb0a66\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4> <\/h4><h4><span style=\"color: #4d4d4d;\">REDLINE: The malware that hides in your downloads<\/span><\/h4><h5><em><span style=\"color: #4d4d4d;\">Released in 2020, REDLINE is a malware that aims to steal your personal data.<\/span> <\/em><\/h5><p>Mostly present in software cracks, the REDLINE malware can also be detected in PDF files, archives (ZIP and RAR), and any other documents. Mostly present in software cracks, the REDLINE malware can also be detected in PDF files, archives (ZIP and RAR), and any other documents.<\/p><p>The main objective of this malware is to steal the personal data of infected users. Such as credentials stored in browsers or third-party applications, bank data, browser cookies, text files, screenshots or even cryptocurrency wallets. In some cases, the collected data may end up on the Internet.<\/p><p>REDLINE is often accompanied by other malware. Either as a source or as part of a malware package in a malicious file. It can also serve as a gateway, giving attackers remote control and allowing them to deploy other malware such as ransomware, trojans or cryptocurrency miners.<\/p><p><em><span style=\"text-decoration: underline;\">To give you an idea, here is an example of an attack:<\/span><br><\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b02a8fa elementor-widget elementor-widget-spacer\" data-id=\"b02a8fa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-d48ab82 ot-traditional elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d48ab82\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-20 elementor-inner-column elementor-element elementor-element-b92b9fd ot-flex-column-vertical\" data-id=\"b92b9fd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-883a31e elementor-view-default elementor-position-block-start elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"883a31e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-download\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\tDownloading the software\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-20 elementor-inner-column elementor-element elementor-element-c043edc ot-flex-column-vertical\" data-id=\"c043edc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b9b8277 elementor-view-default elementor-position-block-start elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"b9b8277\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-mouse-pointer\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\tExecution of the downloaded software\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-20 elementor-inner-column elementor-element elementor-element-0e30bfd ot-flex-column-vertical\" data-id=\"0e30bfd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4da40f6 elementor-view-default elementor-position-block-start elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"4da40f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-bug\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\tRunning the malware in the background\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-20 elementor-inner-column elementor-element elementor-element-aa04c66 ot-flex-column-vertical\" data-id=\"aa04c66\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4c0034c elementor-view-default elementor-position-block-start elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"4c0034c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-file-import\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\tCollection of data by the malware\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-20 elementor-inner-column elementor-element elementor-element-0312308 ot-flex-column-vertical\" data-id=\"0312308\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e60d74e elementor-view-default elementor-position-block-start elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"e60d74e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-cloud-upload-alt\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\tSending the data to a remote server\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-afd1895 elementor-widget elementor-widget-text-editor\" data-id=\"afd1895\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p> <\/p><p>A user downloads a video game in Peer-to-Peer, however, it contains a version of the REDLINE malware. When the game is installed, the malware runs in the background. The collection of system information begins. Once completed, the malware sends the information to a remote server and it will be retrieved by the attacker.<\/p><p><em>To avoid this situation, we recommend that you take the following preventive actions into consideration :<\/em><\/p><ul><li>Ensure the origin of the items before running them on a workstation<\/li><li>Limit the use of business data on a computer for personal purposes<\/li><li>Prohibit the storage of login credentials, or any other sensitive data in browsers<\/li><li>Enable multi-factor authentication where possible<\/li><\/ul><p>And never forget: when you download illegal software for free, you will pay for this \u201cfreebie\u201d with your personal data.<\/p><p>Always be vigilant.<\/p><p><strong> <\/strong><\/p><p><strong> <\/strong><\/p><p><strong>Glossary : <\/strong><\/p><p><u>Malware:<\/u> <em>A general term for malicious software.<\/em><\/p><p><u>Crack :<\/u><em>An executable program that allows you to modify a paid-for basic program and use it for free.<\/em><\/p><p><u>Ransomware <\/u><em>: Malicious extortion software that takes data hostage and demands a ransom in exchange.<\/em><\/p><p><u>Trojan <\/u><em>: Software that appears legitimate at first glance, but contains malicious features.<\/em><\/p><p><strong> <\/strong><\/p><p><em>(Source : <\/em><a href=\"https:\/\/any.run\/malware-trends\/redline\"><em>app.any<\/em><\/a><em>)<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Released in 2020, REDLINE is a malware that aims to steal your personal data. <\/p>\n","protected":false},"author":1,"featured_media":7622,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[92,91,90],"tags":[],"class_list":["post-13524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article-en","category-malware-en","category-security-en"],"_links":{"self":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts\/13524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/comments?post=13524"}],"version-history":[{"count":2,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts\/13524\/revisions"}],"predecessor-version":[{"id":13542,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts\/13524\/revisions\/13542"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/media\/7622"}],"wp:attachment":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/media?parent=13524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/categories?post=13524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/tags?post=13524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}