RedLine is an information-stealing malware that collects sensitive data from users’ browsers. Last week, an exposed server belonging to a RedLine operation was found to contain over 6 million records. On verification, over 441K unique email IDs surfaced from it, and these have now been added to Have I Been Pwned.
Over 441,000 Unique Records
A couple of years ago, researchers detailed a new information-stealing malware called RedLine. This malware is distributed through various means such as phishing emails, crack sites, and YouTube scams, and is capable of stealing browser cookies, credentials, credit cards, and autofill data. Further, it can even steal victims’ cryptocurrency wallets and the credentials stored in VPN clients and FTP clients. Aside from stealing data, RedLine can also act as a backdoor, injecting additional software or executing commands of the attacker’s choosing. All the stolen data is grouped into “logs” and exported to a remote server, from which the attacker can collect it later. Last week, a security researcher named Bob Diachenko discovered an exposed server, belonging to RedLine, that held over 6 million records!
— Bob Diachenko (@MayhemDayOne) December 25, 2021

All the data within was supposedly collected between August and September this year and appears to have been abandoned by the hacker concerned, since no new additions have been made since then. An in-depth look revealed that many people had reused the same email IDs, resulting in a large number of duplicated records. Filtering those out, the dump contains 441,657 unique records, whose owners are now at risk of follow-on attacks online. As no one had secured the server, Bob Diachenko shared the data with Have I Been Pwned, so that potential victims can search whether their data was compromised.