An international law enforcement effort took down two prominent malware networks.
A group led by the Dutch National Police said it dismantled the infrastructure behind the RedLine and META info-stealing malware networks.
According to authorities, at least two people were responsible for setting up and operating the malware network. It is estimated that at least 1,200 servers were covertly infected with the malware and used as part of the distribution network.
In addition to the Dutch police, the takedown involved the EU’s Eurojust agency and the United States’ FBI, whose part of the operation included a court filing in the Western Texas District Court.
“The infostealers, RedLine and META, taken down today targeted millions of victims worldwide, making it one of the largest malware platforms globally,” said Eurojust.
“An international coalition of authorities from the Netherlands, the United States, Belgium, Portugal, the United Kingdom and Australia shut down three servers in the Netherlands, seized two domains, unsealed charges in the United States and took two people into custody in Belgium.”
The info-stealers were spread using a number of methods, including what law enforcement described as “malvertising, email phishing, fraudulent software downloads, and malicious software sideloading.”
Once a machine is infected, the malware harvests a wide range of credentials and account details, including local user accounts, cryptocurrency wallets, and contact information such as saved email addresses and phone numbers.
In the U.S., the takedown included the seizure of two domains and charges against one of the operators, Maxim Rudometov. If arrested and convicted on those charges, Rudometov faces up to 30 years in prison for conspiracy to commit computer intrusion and access device fraud.
“Through various investigative steps, law enforcement has collected victim log data stolen from computers infected with RedLine and META,” the DOJ said in announcing the charges.
“While an exact number has not been finalized, agents have identified millions of unique credentials (usernames and passwords), email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.”
The second person charged in the case was not named.
Eurojust set up a removal site for those worried that their systems might be infected with the malware.