The US State Department has announced a reward of up to $10 million for information leading to the identification or location of Maxim Alexandrovich Rudometov, the alleged developer and administrator of the notorious RedLine infostealer malware.
The offer, made under the Rewards for Justice program, specifically targets individuals acting at the direction of foreign governments who take part in cyberattacks against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).
Technical Anatomy of a Global Infostealer
RedLine, first observed in early 2020, quickly became one of the most prevalent information-stealing malware families worldwide.
Written in .NET, RedLine is distributed under a Malware-as-a-Service (MaaS) model, allowing affiliates to buy licenses and run their own campaigns.
The malware is sold on underground forums and Telegram channels, often for as little as $100-$150 per license.
Core Technical Features:
- Configuration and C2 Communication:
RedLine embeds its configuration (including C2 server addresses and botnet IDs) as Base64 strings with an additional XOR encryption layer. On execution, it decrypts this configuration to establish a connection with its command-and-control (C2) server. If the C2 is unreachable, RedLine halts execution, which doubles as an anti-sandbox technique.

```csharp
// Pseudocode for decrypting the embedded configuration
byte[] encoded = Convert.FromBase64String(GetEmbeddedConfig()); // strip the Base64 layer
byte[] key = Encoding.UTF8.GetBytes("Reshipment");             // hard-coded XOR key
byte[] decrypted = new byte[encoded.Length];
for (int i = 0; i < encoded.Length; i++)
    decrypted[i] = (byte)(encoded[i] ^ key[i % key.Length]);    // repeating-key XOR
string finalConfig = Encoding.UTF8.GetString(decrypted);       // e.g. C2 host:port and botnet ID
```
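An analyst reversing a sample usually wants a small decoder that can be pointed at the extracted strings, so here is one as an added example (not code from the page or from the malware). The page only says the config is Base64 with an extra XOR layer; the exact layering implemented here, Base64 -> repeating-key XOR -> Base64, is the chain commonly described in public RedLine write-ups and is an assumption for this example. The key `ExampleKey`, the field names `IP`/`ID`, and the C2 value `203.0.113.10:4782` are constructed for the demo, not recovered from a real sample.

```python
"""Decoder for RedLine-style embedded configuration strings.

Added example, not code from the page or from the malware itself. The layering
(Base64 -> repeating-key XOR -> Base64) is an ASSUMPTION taken from public
write-ups; the key and field values below are constructed for the demo.
"""
import base64
import re
from itertools import cycle

# Constructed demo key (not a value from a real sample).
SAMPLE_KEY = "ExampleKey"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    if not key:
        raise ValueError("empty XOR key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def encode_config(plaintext: str, key: str) -> str:
    """Builder side of the assumed layering: text -> Base64 -> XOR -> Base64."""
    inner = base64.b64encode(plaintext.encode("utf-8"))
    outer = xor_bytes(inner, key.encode("utf-8"))
    return base64.b64encode(outer).decode("ascii")


def decode_config(blob: str, key: str):
    """Stealer side: Base64-decode, XOR with the key, Base64-decode again.

    Returns the plaintext, or None when the key is wrong: XOR with a wrong key
    leaves bytes outside the Base64 alphabet, and the strict (validate=True)
    inner decode rejects them instead of silently discarding them.
    """
    try:
        outer = base64.b64decode(blob)
        inner = xor_bytes(outer, key.encode("utf-8"))
        return base64.b64decode(inner, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
        return None


C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")


def parse_c2(value: str):
    """Split a decoded 'host:port' C2 field; None if it does not look like one."""
    m = C2_RE.match(value)
    if not m:
        return None
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        return None
    return m.group("host"), port


def decode_fields(fields: dict, key: str) -> dict:
    """Decode every embedded field with one key; fields that fail map to None."""
    return {name: decode_config(blob, key) for name, blob in fields.items()}


# Constructed sample of what the encoded fields inside a binary might look like.
SAMPLE_FIELDS = {
    "IP": encode_config("203.0.113.10:4782", SAMPLE_KEY),  # 203.0.113.0/24 is a documentation range
    "ID": encode_config("campaign-01", SAMPLE_KEY),
}

if __name__ == "__main__":
    decoded = decode_fields(SAMPLE_FIELDS, SAMPLE_KEY)
    for name, value in decoded.items():
        print(f"{name}: {value!r}")
    print("C2:", parse_c2(decoded["IP"]))
    print("wrong key:", decode_config(SAMPLE_FIELDS["IP"], "wrong"))
```

The strict inner decode is the useful part in practice: when you are guessing which string in the binary is the key, a wrong guess fails loudly instead of producing plausible-looking garbage.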
- Host Profiling:
Using Windows Management Instrumentation (WMI), RedLine collects extensive host data: hardware ID, OS version, installed software, running processes, security products, geolocation, and more. This information guides further malicious actions and helps the malware evade detection.

```csharp
// Query installed AV products via WMI. The AntivirusProduct class lives in the
// root\SecurityCenter2 namespace, so the searcher must be scoped to it.
using System;
using System.Management;

var searcher = new ManagementObjectSearcher(@"root\SecurityCenter2", "SELECT * FROM AntivirusProduct");
foreach (ManagementObject obj in searcher.Get())
{
    Console.WriteLine(obj["displayName"]);
}
```
- Data Exfiltration:
RedLine targets a wide range of sensitive data:
  - Browser credentials, cookies, autofill data, and credit card information
  - Cryptocurrency wallet keys (e.g., Armory, Exodus, Ethereum)
  - VPN credentials (NordVPN, ProtonVPN, OpenVPN)
  - Gaming (Steam), messaging (Discord, Telegram), and FTP (FileZilla) credentials
  - Arbitrary files from directories such as Program Files and Windows
The malware can also take live screenshots using .NET's Graphics.CopyFromScreen method, further extending its surveillance capabilities.
- Remote Execution and Persistence:
Beyond stealing data, RedLine can download and execute additional payloads, open URLs, and run remote commands via cmd.exe, effectively acting as a remote access trojan (RAT).
- Anti-Analysis Measures:
RedLine checks the system language and geolocation, typically refusing to run in countries of the former Soviet Union. It also uses encoded strings (Windows-1251) and anti-sandbox logic to evade detection.
Global Impact and Law Enforcement Response
RedLine has been linked to the theft of billions of credentials and cookies, with its logs frequently sold on dark web and Telegram marketplaces.
The malware was instrumental in several high-profile breaches, including attacks on cloud database providers and critical infrastructure targets.
In October 2024, Operation Magnus, a joint action involving US, Dutch, Belgian, UK, Portuguese, and Australian authorities, disrupted RedLine's infrastructure, seizing servers, web domains, and Telegram channels used for sales and support.
Two affiliates were arrested in Belgium, while investigators gained access to RedLine's source code and licensing systems.
However, Rudometov, who fled Ukraine for Krasnodar, Russia, in 2022, remains at large.
The US government urges anyone with information on Rudometov, his associates, or state-sponsored use of RedLine to submit tips through a Tor-based reporting channel.
The $10 million reward underscores the severity of the threat posed by RedLine and the international effort to dismantle its operations.