How a sequence of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware


U.S. prosecutors have charged Russian national Maxim Rudometov over his alleged involvement in developing and distributing the infamous Redline password-stealing malware.

The charges were announced as part of “Operation Magnus,” first unveiled by the Dutch National Police on Monday. This years-in-the-making operation saw international law enforcement agencies dismantle the infrastructure of Redline and Meta, two prolific malware strains that have been used to steal sensitive information from millions of people.

A complaint unsealed on Tuesday revealed how a series of operational security, or “opsec,” errors led authorities to identify Rudometov. According to the complaint, Rudometov used a Yandex email account already known to law enforcement to register accounts on Russian-language hacking forums, where he used a handful of monikers that were reused across other platforms, including Skype and iCloud.

U.S. authorities say they were able to retrieve data from Rudometov’s iCloud account, including “numerous files that were identified by antivirus engines as malware, including at least one that was… determined to be Redline.”

The same Yandex email address was also used by Rudometov to create a publicly viewable profile on the Russian social networking service VK, according to the complaint. Law enforcement found that Rudometov “bore a close resemblance” to a person depicted in an advertisement shown in an earlier blog post about Redline. The advertisement promoted the person’s skills in “writing botnets and stealers.”

Rudometov allegedly also used one of his hacking monikers, “ghacking,” on VK’s dating site, according to the complaint.

Image: a screenshot of a dating profile used by the alleged developer of the Redline information-stealing malware. Source: TechCrunch (screenshot). Image credit: Department of Justice.

After receiving a tip from an unnamed security firm in August 2021, U.S. authorities obtained a search warrant to analyze the data found on one of the servers used by Redline. That data provided additional information, including IP addresses and a Binance address registered to the same Yandex account, linking Rudometov to the development and deployment of the infamous infostealer.

“Rudometov regularly accessed and managed the infrastructure of Redline infostealer, was associated with various cryptocurrency accounts used to receive and launder payments, and was in possession of Redline malware,” the DOJ said on Tuesday. The complaint revealed that Redline had been used to infect millions of computers around the world since February 2020, including “several hundred” machines used by the U.S. Department of Defense.

It is not yet known whether Rudometov has been arrested. If convicted, he faces up to 35 years in prison.

Europol and the Dutch police also released further details about Operation Magnus on Tuesday, revealing that three servers were taken offline in the Netherlands and two domains used for command and control operations by Redline and Meta were seized.

Authorities additionally took down a number of Telegram accounts related to the malware, which has “triggered the sale of the stealers… to be halted”, and two further people — together with a buyer of the malware — have been arrested in Belgium.
