www.scmagazine.com
2606:4700:20::ac43:45e3  Public Scan

URL: https://www.scmagazine.com/news/redline-malware-top-credential-stealer-of-last-6-months?freeoffer=moneymakers
Submission: On August 11 via api from LU — Scanned from DE

Text Content

Identity, Network Security, Malware


REDLINE MALWARE TOP CREDENTIAL STEALER OF LAST 6 MONTHS

March 14, 2024

By Stephen Weigand

RedLine malware was used to steal more than 170 million passwords over the last
six months, which makes it the most notorious credential stealer during that
time, according to research published March 12.

RedLine was used in about half (47%) of all cyber incidents involving stolen
passwords, more than double the share of the next closest stealer, Vidar.
According to the report, Vidar was used to pilfer more than 65 million
passwords, or 17%. Coming in at No. 3 is Raccoon Stealer, tied to over 42
million stolen passwords, or 11.7%. Malware strains Meta, Cryptbot, Risepro,
Stealc, Azorult, Aurora and Darkcrystal rounded out the top 10 credential
stealers.

The data was culled from known breached passwords lists by KrakenLabs and
password management firm Specops, both owned by parent company Outpost24. 

Over the last six months, KrakenLabs analyzed 359 million stolen passwords to
find out the most common malware used to steal credentials, while Specops said
their database of breached and compromised passwords contains more than 4
billion unique passwords.

Uncovered in March 2020, the RedLine malware is used to export personal
information such as credentials, cryptocurrency wallets and financial data to
its command-and-control infrastructure. Its payload can also deliver
cryptocurrency miner software to the victim’s machine. Specops reported that
phishing campaigns, as well as compromised Google or YouTube accounts, were
most often used to distribute the leading stealer malware.

Vidar is an evolved version of the Arkei Stealer, according to Specops, and is
distributed in phishing campaigns as Microsoft Compiled HTML Help (CHM) files.
Vidar has also been distributed by the PPI malware service PrivateLoader, the
Fallout Exploit Kit and the Colibri loader, as well as the GHOSTPULSE malware
loader.

Raccoon Stealer is a malware-as-a-service that allows cybercriminals to rent the
stealer on a monthly basis.

As noted by Specops, stolen credentials can be used to carry out further
attacks, but more often they're sold on the dark web, where other attackers use
them to gain access to networks.

The FBI reported that its Internet Crime Complaint Center received a record
880,418 complaints in 2023, an increase of nearly 10% from the year before,
including crimes such as investment fraud and business email compromise scams,
as well as ransomware and cryptocurrency scams.

Similarly, the Identity Theft Resource Center reported in January that the
number of events where data was compromised increased a record 78% in 2023 over
the previous year, although the number of victims decreased by 16%.

Darren James, senior product manager for Specops, said it was interesting that
the RedLine malware was responsible for nearly half of the stolen passwords the
company analyzed, adding that its report also highlights how many passwords are
for sale on the dark web. 

James cautioned users not to reuse passwords, adding that it was vital for
security professionals to continuously scan Active Directory for breached or
compromised passwords.


Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has
worked for news media in Washington, D.C., covering military and defense issues,
as well as federal IT. He is based in the Seattle area.

