Researchers have found attackers distributing an information-stealing malware strain under the cover of news about the Omicron variant of Covid-19, harvesting data and credentials from Windows users in at least 12 countries.
According to FortiGuard researchers, the attackers are infecting devices with “RedLine” malware delivered by email; once running, the stealer collects the usernames and passwords it finds across the infected system.
“FortiGuard Labs recently came across a curiously named file, ‘Omicron Stats.exe’ which turned out to be a variant of RedLine Stealer malware. While we have not been able to identify the infection vector for this particular variant, we believe that it is being distributed via email,” the company said in a statement.
According to FortiGuard Labs data, potential victims of this RedLine Stealer variant are spread across 12 countries.
“This indicates that this is a broad-brush attack and that the threat actors did not target specific organisations or individuals,” said the researchers.
The first reports of RedLine Stealer date back to at least March of 2020, and it quickly rose to prominence as one of the most popular infostealers sold in underground digital markets.
Credentials harvested by RedLine Stealer are sold on dark web marketplaces for as little as $10 per set.
The malware appeared just as the world was dealing with a rising number of Covid patients, and with the fear and uncertainty that lead people to lower their guard, which may be why its developers chose Covid as a lure.
“Past RedLine Stealer variants are known to have been distributed in Covid-themed emails to lure victims. The file name of this current variant, ‘Omicron Stats.exe’, was used just as the Omicron variant was becoming a global concern, following the pattern of previous variants,” said the researchers.
Given that the malware is delivered as a file the victim is meant to open, the researchers say, “we have concluded that email is the infection vector for this variant as well”.
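The lure described above is an executable (‘Omicron Stats.exe’) dressed up as a topical document. The following is an added example, not FortiGuard’s code nor anything from the report, of the kind of attachment triage check a mail gateway or SOC script can apply: it blocks attachments that are executable by extension or by content (the ‘MZ’ header of a Windows PE file), regardless of the file name, and records topical lure terms as supporting evidence. The extension list, the lure term list and the sample attachments are assumptions constructed for the example.

```python
"""Email attachment triage for executable lures such as 'Omicron Stats.exe'.

Added example, not code from the original page or from FortiGuard Labs.
The extension block list, lure terms and sample attachments below are
assumptions chosen for illustration.
"""
import os
from dataclasses import dataclass, field

# Extensions Windows runs directly on double-click (assumption: a sensible
# but not exhaustive block list).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".js", ".vbs", ".msi", ".hta", ".ps1",
}

# Terms used in Covid-themed lures; "omicron" is the one the page reports.
LURE_TERMS = ("omicron", "covid", "corona", "vaccine", "stats")


@dataclass
class Verdict:
    filename: str
    action: str                      # "block" or "allow"
    reasons: list = field(default_factory=list)


def has_pe_header(data: bytes) -> bool:
    """Windows PE files start with the 'MZ' DOS stub whatever their extension."""
    return data[:2] == b"MZ"


def triage_attachment(filename: str, data: bytes) -> Verdict:
    """Decide whether an attachment should be delivered.

    Executable content is blocked outright. A lure term in the name alone
    does not block (a genuine 'Omicron stats.pdf' must still get through),
    but it is recorded so an analyst can see why the file looked suspicious.
    """
    name = filename.lower()
    stem, ext = os.path.splitext(name)        # handles 'stats.pdf.exe' -> '.exe'
    reasons = []

    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    if has_pe_header(data):
        reasons.append("PE (MZ) header")
        if ext not in EXECUTABLE_EXTENSIONS:
            # Renamed binary: a .pdf or .docx that is really a PE file.
            reasons.append("extension does not match PE content")
    if any(term in stem for term in LURE_TERMS):
        reasons.append("topical lure term in file name")

    is_executable = ext in EXECUTABLE_EXTENSIONS or has_pe_header(data)
    return Verdict(filename, "block" if is_executable else "allow", reasons)


if __name__ == "__main__":
    # Constructed samples: a PE stub, a PDF header and a ZIP (docx) header.
    samples = [
        ("Omicron Stats.exe", b"MZ\x90\x00\x03\x00"),
        ("Omicron Stats.pdf", b"%PDF-1.7\n"),
        ("Omicron Stats.pdf", b"MZ\x90\x00\x03\x00"),   # PE renamed to .pdf
        ("invoice.docx", b"PK\x03\x04"),
    ]
    for fname, content in samples:
        v = triage_attachment(fname, content)
        print(f"{v.filename:20} {v.action:5} {'; '.join(v.reasons)}")
```

The content check matters more than the extension check: a gateway that only looks at the file name is bypassed by renaming the binary, while one that looks for the ‘MZ’ stub catches the renamed copy and flags the mismatch for an analyst.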