Cyber-security researchers have unearthed that hackers are spreading powerful malware via news around the new Omicron strain, stealing information and credentials from Windows users in at least 12 countries.
Researchers from cyber-security firm FortiGuard said that hackers are infecting devices with “RedLine” malware sent via emails that steals all of the usernames and passwords it finds throughout an infected system.
“FortiGuard Labs recently came across a curiously named file, ‘Omicron Stats.exe’ which turned out to be a variant of RedLine Stealer malware. While we have not been able to identify the infection vector for this particular variant, we believe that it is being distributed via email,” the company said in a statement.
Based on the information collected by FortiGuard Labs, potential victims of this RedLine Stealer variant are spread across 12 countries.
“This indicates that this is a broad-brush attack and that the threat actors did not target specific organisations or individuals,” said the researchers.
The first reports of RedLine Stealer go back to at least March of 2020 and it quickly became one of the more popular info stealers sold in underground digital markets.
The Information harvested by RedLine Stealer is sold on the darknet marketplace for as low as $10 per set of user credentials.
The malware emerged just as the world began to deal with increased numbers of Covid patients and the growing fear and uncertainty that can cause people to lower their guard, which may have prompted its developers to use Covid as its lure.
“Past RedLine Stealer variants are known to have been distributed in Covid-themed emails to lure victims. The file name of this current variant, ‘Omicron Stats.exe’, was used just as the Omicron variant was becoming a global concern, following the pattern of previous variants,” said the researchers.
Given that this malware is embedded in a document designed to be opened by a victim, “we have concluded that email is the infection vector for this variant as well”.
