
Infostealer

RedLine Stealer

aka RedLine

A wildly popular malware-as-a-service infostealer that harvested credentials, cookies and crypto wallets at scale until its 2024 law-enforcement takedown.

RedLine Stealer was, for years, one of the most prevalent infostealers on the market. Sold cheaply as malware-as-a-service from 2020, it harvested saved passwords, session cookies, browser autofill data and cryptocurrency wallet files from infected Windows machines. The resulting "logs" (one bundle per victim) were sold on to brokers and affiliates, who use them for account takeover and as initial access for ransomware intrusions.

Distribution

RedLine spread through cracked software, fake game cheats, malvertising and phishing: anywhere users can be talked into running an untrusted executable. Its stolen session cookies were especially valuable, because replaying an already-authenticated session sidesteps MFA on corporate accounts without ever touching the login flow.

Operation Magnus

In October 2024, an international operation led by the Dutch National Police with the FBI and Eurojust (Operation Magnus) dismantled RedLine and the related META stealer, seizing backend servers and domains, and the US Department of Justice charged an alleged developer. Campaign data is tracked on Cyber Breaches; a configuration-extraction walkthrough lives on the Reverse Engineering Hub.

Defense

Block execution of untrusted binaries with application control, keep session lifetimes short and revoke tokens on any sign of compromise so stolen cookies go stale quickly, enforce phishing-resistant MFA, and monitor stealer-log marketplaces and breach feeds for your domains. Note that no form of MFA protects a session whose cookie has already been exfiltrated; only short-lived or device-bound sessions limit that exposure. On the endpoint, the stealer's own behaviour is detectable: a freshly dropped binary reading every browser's password and cookie database and every wallet folder within seconds is not something a legitimate program does.
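The following is an added detection example, not code from this page or from any vendor or project it mentions. It runs the "non-owner process touches credential stores" logic over a few constructed file-access events of the kind Windows object-access auditing or EDR file telemetry would produce. The store paths, the per-family process allowlist and the sample events are all assumptions chosen for illustration; the path list is far from exhaustive and the allowlist must be tuned to the environment (backup agents, password-manager importers and so on).

```python
import re
from collections import defaultdict

# Assumed (illustrative, not exhaustive) locations of the artifacts
# infostealers harvest: browser password/cookie databases, the Chromium
# "Local State" file that holds the DPAPI-wrapped cookie/password key,
# and desktop wallet folders. Patterns match backslash-separated paths.
STORE_PATTERNS = [
    # (family, label, pattern)
    ("chromium", "logins",  re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I)),
    ("chromium", "cookies", re.compile(r"\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I)),
    ("chromium", "keys",    re.compile(r"\\User Data\\Local State$", re.I)),
    ("firefox",  "logins",  re.compile(r"\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)),
    ("firefox",  "cookies", re.compile(r"\\Profiles\\[^\\]+\\cookies\.sqlite$", re.I)),
    ("wallet",   "exodus",  re.compile(r"\\Exodus\\exodus\.wallet\\", re.I)),
    ("wallet",   "atomic",  re.compile(r"\\atomic\\Local Storage\\leveldb\\", re.I)),
]

# Assumed allowlist: processes that legitimately open each family's files.
ALLOWED_PROCESSES = {
    "chromium": {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"},
    "firefox": {"firefox.exe"},
    "wallet": {"exodus.exe", "atomic wallet.exe"},
}


def classify_path(path: str):
    """Return (family, label) if path is a known credential/wallet store, else None."""
    for family, label, rx in STORE_PATTERNS:
        if rx.search(path):
            return family, label
    return None


def analyze(events, breadth_threshold: int = 3):
    """Flag stealer-like access to credential stores.

    events: iterable of dicts with 'pid', 'image' (full process path) and
            'target' (file path opened/read).
    Rule 1: a process outside the store family's allowlist touched a store.
    Rule 2: one process touched >= breadth_threshold distinct stores, the
            grab-everything-at-once pattern of an infostealer.
    Returns a list of alert dicts.
    """
    alerts = []
    touched = defaultdict(set)  # (pid, image) -> {(family, label), ...}
    for ev in events:
        hit = classify_path(ev["target"])
        if hit is None:
            continue
        family, label = hit
        proc = ev["image"].rsplit("\\", 1)[-1].lower()
        if proc in ALLOWED_PROCESSES[family]:
            continue  # a browser reading its own database is normal
        alerts.append({
            "rule": "non_owner_credential_store_access",
            "pid": ev["pid"], "image": ev["image"],
            "store": f"{family}:{label}", "target": ev["target"],
        })
        touched[(ev["pid"], ev["image"])].add((family, label))
    for (pid, image), stores in touched.items():
        if len(stores) >= breadth_threshold:
            alerts.append({
                "rule": "multi_store_harvest",
                "pid": pid, "image": image, "store_count": len(stores),
                "stores": sorted(f"{f}:{l}" for f, l in stores),
            })
    return alerts


# Constructed sample telemetry (not real logs): two benign browser reads
# and one unknown binary dropped in %TEMP% sweeping every store it can find.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 5210, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "target": r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies"},
    {"pid": 7732, "image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7732, "image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
    {"pid": 7732, "image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9.default-release\logins.json"},
    {"pid": 7732, "image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 7732, "image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe",
     "target": r"C:\Users\alice\Documents\report.docx"},
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(a["rule"], a["pid"], a.get("store") or a["stores"])
```

On the constructed events the two browser reads produce nothing, while the binary in %TEMP% triggers four per-file alerts and one breadth alert; the breadth rule is the one worth paging on, since a single stray read of `Local State` by an updater or backup agent is common noise but hitting three store families from one process is not.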