The RedLine stealer takes advantage of your browser’s eagerness to make online life easier by storing private data to autocomplete forms.
This malware that harvests credentials from browsers been around for years, spreading through sneaky yet traditional techniques like fake Windows updates. But it has exploded in 2022, siphoning in masses of private data including email addresses, usernames, passwords, location data, and phone numbers, along with financial data such as credit card numbers.
In the past five months, the stealer has snatched data from hordes of users, which has then turned up on the dark web and other shady online corners for criminals to exploit.
What’s behind the RedLine explosion?
So why has a threat that has been around since the turn of the decade suddenly turned into an insatiable vacuum of personally identifiable information?
One answer is cryptocurrencies and related technologies, such as NFTs.
Criminals have exploited the swelling interest in Web3 assets as a lure to spread the stealer, which then can be potentially used to pilfer users’ cryptocurrency wallets. However volatile the prices of Bitcoin or Ethereum may be, the attraction of using stolen credentials to directly extract valuable financial assets remains extremely high.
If criminals don’t collect these valuable logins, they will happily try to exploit any other data stored inside browsers like Chrome, Opera or Edge—or possibly all of the above, on the same device.
Isn’t the answer to just not trust your browser?
You could say RedLine provides a perfect example of why you should not store any credentials inside your browsers.
This easy diagnosis veers close to victim blaming. While password managers or lockers provide a far more secure way of easing access to the dozens of sites most users access on a regular basis, browser autocompletes are unlikely to disappear soon. Based on RedLine’s success, the number of browsers ripe for the picking remains extraordinarily high.
That means users who cannot resist the urge to save at least some data for easy form-filling need to take a couple of steps to secure their data. And as long as malware like redline is easily available as a service to criminals for as low as $100 a month, users have to optimize their security against this threat.
How to secure your data against RedLine
First, updated security software—such as F-Secure Total—that protects against both RedLine and the dropper it uses to spread is a must.
Next, users should engage in the basic principles of identity management and account security to prevent identity theft and account takeover. Taking the classic advice to use strong and unique passwords for every important account will do you little good if those passwords are sitting in your browser waiting for RedLine to find them.
Using an identity protection service such as F-Secure ID Protection doesn’t just provide you with a simple password vault that makes signing into accounts easy. It also tracks your credentials across the online universe to detect when they have been exposed by a breach or a threat like RedLine. In the last week alone, nearly a million email addresses were included in breach notifications related to this specific stealer.
Taking these simple steps should help you avoid the looted wallets, hijacked accounts and other nightmares that have made RedLine such a profitable venture.