RedLine Stealer
Also known as: RECORDSTEALER
RedLine Stealer is malware sold on underground forums, apparently either as a standalone product ($100/$150 depending on the version) or on a subscription basis ($100/month). It harvests information from browsers, such as saved credentials, autocomplete data, and credit card information. When running on a target machine it also takes a system inventory, including details such as the username, location data, hardware configuration, and information about installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and the malware can upload and download files, execute commands, and periodically send back information about the infected computer.
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Apr 14, 2026 | 3 |
| Apr 13, 2026 | 2 |
| Apr 12, 2026 | 1 |
| Apr 11, 2026 | 14 |
| Apr 10, 2026 | 7 |
| Apr 9, 2026 | 22 |
| Apr 8, 2026 | 7 |
Further Reading
We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening maliciou...
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware hav...
In this article, we briefly detail what IPFS is and how it works at the user level, before providing up to date statistics about the current usage of IPFS by cybercriminals, especially for hosting ...
The CyberGate RAT and RedLine stealer are being delivered in an ongoing campaign using the AutoIt malware.
Zscaler ThreatLabz researchers discovered ongoing threat campaigns distributing info-stealer malware by targeting victims trying to download pirated software.
Zscaler ThreatLabz team observed multiple OneNote malware campaigns spreading RATs, Bankers, and Stealer category malware with multi-layer obfuscation.