
How Redline Malware Uses Omicron to Fool Users

Malware is using Covid-19 as a tool.

In our previous posts we gave information on the latest Redline info-stealer malware. Authorities have taken steps to provide protection against it, but the latest version of this threat seems to be claiming more victims. This time the malware is using COVID-19 as a tool. But how? Let’s see how Redline malware uses Omicron to fool users!

How Redline Malware Uses Omicron to Fool Users

After its initial success, hackers sold Redline malware on the dark web for a few hundred dollars. This time, the hackers distributed the malware via an email that contains an attachment: the email carries a fake link to download an “Omicron Stat Counter” application, a fake application the malicious hackers built for this purpose, and the email is themed around new Omicron cases. Because of its continuous improvement, experts think the developers of this malware are very active: they not only maintain the malware but also keep making changes to it, developing a variety of methods to spread it and generating new capabilities for it.


To understand the malicious software better, let’s examine its profile. The malware’s name is Redline and it affects Windows devices and users. It steals confidential information, including various data from the infected machine. Experts think that, although its effect is moderate, the malware is very widespread and can cause serious damage to users.


This new variant of the RedLine info-stealer targets user account credentials stored on the computer, VPN login details, bank details, cookies, messaging texts, FTP login information, and bitcoin wallet information. It also collects system details: OS, systems, graphics processors, ID code, serial number, version, computer disk, design, signatures, CPU and its maximum clock speed, motherboard data, IP, region, account details, hardware, UAC settings, antivirus program, folders, keyboard patterns, and images.

How Redline Malware Uses Omicron to Fool Users: The Details

Hackers steal all this data with a fake Omicron Statistics counter application. The malicious application starts its task as soon as the target executes the “Omicron statistics” file. The package includes several files alongside the malware itself. This new variant of the Redline info stealer targets applications like ProtonVPN, Opera, Discord, and OpenVPN. Discord resources are especially valuable to the attackers, who target Discord aggressively, aiming to steal access tokens, logs, and database files from it.


In subsequent stages the malware scans Telegram files to find photographs and chat logs, and finally transfers all the material to the hackers’ C2 server. This version, according to sources, uses port 14588 and is hosted by 1gservers. Experts saw one IP address in particular interacting with this server in the weeks following the introduction of the malware. This new Redline malware has fooled users from 12 countries so far, but it does not focus on any specific target.
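The two indicators the post gives a defender something to look for are the lure (an executable “Omicron statistics” attachment arriving by email) and the C2 channel (outbound TCP to port 14588). The following is an added triage example written for this page, not code from Keepnet Labs or from any Redline analysis; the log format, hostnames and addresses are constructed for illustration, and the script treats the port alone as a weak indicator that needs the attachment or other context to confirm.

```python
"""Added example: flag the two Redline/Omicron indicators described in the post
over constructed mail-gateway and firewall log lines (key=value format assumed).
Not the post's own tooling; all log values below are made up for illustration."""
import os
import re

# Constructed mail-gateway log lines (not real telemetry).
MAIL_LOG = [
    'ts=2021-12-20T09:12:01Z from=news@stats-update.test to=alice@corp.test attach="Omicron Statistics.exe"',
    'ts=2021-12-20T09:15:44Z from=hr@corp.test to=alice@corp.test attach="holiday_schedule.pdf"',
    'ts=2021-12-20T09:20:10Z from=stats@update-news.test to=bob@corp.test attach="omicron_stats_counter.zip"',
]

# Constructed firewall log lines; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
NET_LOG = [
    'ts=2021-12-20T09:30:02Z src=10.0.0.15 dst=203.0.113.7 dport=14588 proto=tcp',
    'ts=2021-12-20T09:30:05Z src=10.0.0.15 dst=203.0.113.7 dport=443 proto=tcp',
    'ts=2021-12-20T09:31:00Z src=10.0.0.22 dst=198.51.100.9 dport=14588 proto=tcp',
]

C2_PORT = 14588                       # port reported by the post for this variant
LURE_RE = re.compile(r"omicron.*stat", re.IGNORECASE)   # matches the "Omicron statistics" naming
# Extensions that run code directly or commonly wrap an executable lure.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".zip", ".rar", ".iso"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Parse a key=value log line; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def suspicious_attachments(lines):
    """Return (recipient, attachment) pairs whose attachment name matches the
    Omicron-statistics lure AND carries an executable/container extension."""
    hits = []
    for line in lines:
        rec = parse_kv(line)
        name = rec.get("attach", "")
        ext = os.path.splitext(name.lower())[1]
        if LURE_RE.search(name) and ext in RISKY_EXT:
            hits.append((rec["to"], name))
    return hits


def c2_candidates(lines):
    """Return (src, dst) pairs for outbound TCP connections to the reported C2 port.
    A port match alone is weak evidence; treat it as a lead, not a verdict."""
    hits = []
    for line in lines:
        rec = parse_kv(line)
        if rec.get("proto") == "tcp" and rec.get("dport") == str(C2_PORT):
            hits.append((rec["src"], rec["dst"]))
    return hits


def triage(mail_lines, net_lines):
    """Combine both checks into one report for an analyst to review."""
    return {
        "lure_emails": suspicious_attachments(mail_lines),
        "c2_connections": c2_candidates(net_lines),
    }


if __name__ == "__main__":
    report = triage(MAIL_LOG, NET_LOG)
    for recipient, attachment in report["lure_emails"]:
        print(f"lure attachment delivered to {recipient}: {attachment}")
    for src, dst in report["c2_connections"]:
        print(f"outbound to port {C2_PORT}: {src} -> {dst}")
```

The attachment check requires both the lure name and a risky extension so that a benign PDF named after Omicron does not page an analyst; the port check is kept separate because a port number can be reused by unrelated software, so a hit should be joined with the mail hit or with endpoint telemetry before it is acted on.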

How Redline Malware Uses Omicron to Fool Users: What to Do?

This new Redline malware has been spotted in 12 countries so far, but it does not focus on any specific target, so users all over the world should take preventive action beforehand. Since the hackers spread the malware using fake emails, the first thing to do is to check your email security. You can test your technologies with email threat simulation tools! Our Email Threat Simulation examines your infrastructure for known and commonly misconfigured email service functions. It also includes test scenarios for identifying sub-optimal settings and recommending best practices.
