Like the previous year, 2021 ended with Covid and 2022 started with the same. The only difference is that the world is now dealing with the new Omicron variant instead of the Delta variant, which came out in April 2021.
Omicron’s daily new patient counts have become a global concern and, as we have learned, Unfortunately, cybercriminals use fear to their advantage.
According to FortiGuard Labs, the threat intelligence laboratory of the cybersecurity company Fortinet, recently found a file named “Omicron Stats.exe” which turned out to be a variant of Redline Stealer malware that steals information from victims’ devices.
According to information collected by FortiGuard Labs, potential victims of this RedLine Stealer variant are spread across 12 countries, including some in Latin America and the Caribbean.
This indicates that this is a widespread attack and the perpetrators of this threat did not target specific organizations or individuals.
What damage does the new variant RedLine Stealer (Omicron Stats.exe) do?
The file “Omicron Stats.exe” is distributed by email and it’s being used just as the Omicron variant has become a global concern, following the pattern of previous RedLine Stealer variants.
This malware is mostly targeted at the millions of users of the Windows operating system in the world, it is delivered embedded in a document designed to be opened by the victim and generates the automatic download of the malware.
RedLine Stealer searches for and attempts to steal the following stored browser data:
- login data
- web data
- Browser user agent details
- Autocomplete Orders
- Personal information and credit cards
The malware also tries to collect the following system information:
- graphics cards
- installed programs
- running processes
- installed languages
- Equipment serial number
The first reports of the RedLine Stealer date back to at least March 2020 and It quickly became one of the most widespread information stealers being sold on underground digital markets.
The information collected by RedLine Stealer it is sold on the dark web market for as little as $10 per set of user credentials. The malware emerged just as the world began to deal with an increased number of Covid patients and the growing fear and uncertainty that can make people drop their guard, has led its developers to use it as a decoy.
How to protect yourself?
RedLine Stealer takes advantage of the current Covid crisis and that trend is expected to continue. While not designed to have a catastrophic effect on the compromised machine, the information it steals can be used for malicious actions by the cybercriminal himself or sold to other criminals for future activities..
Users should remain vigilant and be wary of this type of email.