Just like the previous year, 2021 ended with COVID-19, and 2022 also started with COVID-19. The only difference is that the world is now dealing with the new Omicron variant instead of the Delta variant that appeared in April 2021. Although reported to be less deadly than previous variants, Omicron has a much higher transmission rate, and as a result the daily number of new Omicron cases has become a global concern. As this situation revives fears about the pandemic, threat actors are not shy about using people's anxieties to their advantage. FortiGuard Labs recently detected a malicious file called "Omicron Stats.exe", which turns out to be a variant of the RedLine Stealer malware and uses its name to arouse users' curiosity.
According to global OSINT information collected and analyzed by FortiGuard Labs, RedLine Stealer works like this: once a system is infected with the stealer, the user's saved account passwords and other browser-stored data are collected without their knowledge and sent to the malware's operators. Each harvested user profile can contain login credentials for accounts on online payment portals, e-banking services, file sharing or social networking platforms. The information is collected from the browsers installed on the compromised machine, including all Chromium-based browsers and all Gecko (i.e. Mozilla)-based browsers.
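To make concrete what "browser-stored data" means here, the following added example (it is not FortiGuard's analysis code and not RedLine's) builds a constructed Chromium-style "Login Data" SQLite file and a constructed Gecko/Firefox-style logins.json in a temporary directory, then enumerates the saved logins the way a stealer would. The Chromium table uses a simplified subset of the real `logins` columns, and the encrypted blobs are dummy bytes; the profile paths, sample origins and usernames are all invented for the demonstration. Password blobs are deliberately left encrypted: a defender can run this against a real profile to see how many credentials are sitting in a browser store without decrypting anything.

```python
"""Inventory the browser credential stores an infostealer harvests.

Added example, not code from FortiGuard Labs or from RedLine. All sample
profiles, rows and paths below are constructed for the demonstration.
"""
import json
import os
import shutil
import sqlite3
import tempfile

# Constructed, simplified subset of the columns in Chromium's `logins` table.
# The real table has many more columns; a stealer only needs these.
CHROMIUM_SCHEMA = """
CREATE TABLE logins (
    origin_url     VARCHAR NOT NULL,
    username_value VARCHAR,
    password_value BLOB,
    signon_realm   VARCHAR NOT NULL,
    date_created   INTEGER NOT NULL
)
"""


def make_chromium_login_data(path, rows):
    """Write a Chromium-style 'Login Data' SQLite file with sample rows."""
    con = sqlite3.connect(path)
    con.execute(CHROMIUM_SCHEMA)
    con.executemany("INSERT INTO logins VALUES (?, ?, ?, ?, ?)", rows)
    con.commit()
    con.close()


def make_gecko_logins_json(path, logins):
    """Write a Gecko/Firefox-style logins.json with sample entries."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"nextId": len(logins) + 1, "logins": logins}, fh)


def harvest_chromium(path):
    """List saved logins from a Chromium 'Login Data' file.

    The file is copied first, as a running browser may hold it locked.
    password_value is left encrypted: Chromium protects it with the OS key
    store (DPAPI on Windows), so unwrapping requires running as that user.
    """
    tmp = os.path.join(tempfile.mkdtemp(prefix="logindata-"), "copy.db")
    shutil.copy2(path, tmp)
    con = sqlite3.connect(tmp)
    try:
        cur = con.execute(
            "SELECT origin_url, username_value, password_value "
            "FROM logins ORDER BY date_created")
        return [{"origin": o, "username": u, "password_encrypted": True,
                 "blob_bytes": len(p or b"")} for o, u, p in cur.fetchall()]
    finally:
        con.close()
        shutil.rmtree(os.path.dirname(tmp), ignore_errors=True)


def harvest_gecko(path):
    """List saved logins from a Gecko logins.json.

    Username and password are NSS-encrypted (encType 1); decrypting them
    needs key4.db from the same profile plus any master password.
    """
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return [{"origin": entry["hostname"],
             "username_encrypted": entry["encryptedUsername"],
             "password_encrypted": True, "enc_type": entry.get("encType")}
            for entry in data.get("logins", [])]


def inventory(profile_root):
    """Walk a directory tree for the two store files and report exposure."""
    found = {"chromium": [], "gecko": []}
    for dirpath, _, files in os.walk(profile_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == "Login Data":
                found["chromium"].extend(harvest_chromium(full))
            elif name == "logins.json":
                found["gecko"].extend(harvest_gecko(full))
    return found


def demo():
    """Build the constructed sample profiles and return their inventory."""
    root = tempfile.mkdtemp(prefix="stealer-demo-")
    chrome = os.path.join(root, "Chrome", "User Data", "Default")
    firefox = os.path.join(root, "Firefox", "Profiles", "abc123.default")
    os.makedirs(chrome)
    os.makedirs(firefox)
    # Dummy 'v10'-prefixed blobs stand in for Chromium's AES-GCM ciphertext.
    make_chromium_login_data(os.path.join(chrome, "Login Data"), [
        ("https://bank.example/login", "alice", b"v10" + b"\x00" * 31,
         "https://bank.example/", 13280000000000000),
        ("https://shop.example/", "alice@example.net", b"v10" + b"\x00" * 27,
         "https://shop.example/", 13280000100000000),
    ])
    make_gecko_logins_json(os.path.join(firefox, "logins.json"), [
        {"id": 1, "hostname": "https://social.example", "httpRealm": None,
         "formSubmitURL": "https://social.example", "usernameField": "",
         "passwordField": "", "encryptedUsername": "MDIEEPgAAAAAAAAAAAAA",
         "encryptedPassword": "MDoEEPgAAAAAAAAAAAAA", "guid": "{0}",
         "encType": 1, "timeCreated": 1640995200000},
    ])
    return inventory(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Pointing `inventory()` at a real user profile directory instead of the constructed one gives a quick count of what a stealer running under that account would walk away with; the practical lesson is that every saved credential is one process-under-the-user away from being exfiltrated, which is why browser password stores on shared or high-value workstations deserve the same scrutiny as a password manager.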
Spread to 12 countries by e-mail
This latest variant continues to perform all of these functions, but the new version also includes additional changes and improvements. While FortiGuard Labs could not confirm the infection vector for this particular variant, it believes the sample was distributed via email: past RedLine Stealer variants are known to have been distributed in COVID-19-themed emails to lure victims, and the filename "Omicron Stats.exe" follows in their footsteps by exploiting the Omicron variant's rise to a global concern. Since the malware was embedded in a document designed to be opened by a victim, FortiGuard Labs concluded that email was also the infection vector for this variant. Information gathered by FortiGuard Labs indicates that potential victims of this RedLine Stealer variant are spread across 12 countries, which points to a wide-ranging campaign rather than one aimed at specific institutions or individuals.