Fortinet has uncovered an effort to spread the RedLine malware by taking advantage of concern about the Omicron COVID-19 strain. FortiGuard Labs researchers said the people behind the malware are trying to use the ongoing COVID crisis to steal information and credentials.
RedLine is a relatively common information stealer that harvests the usernames and passwords it finds on an infected system. Fortinet said the RedLine Stealer variant it saw in this instance also steals stored credentials for VPN applications such as NordVPN, OpenVPN and ProtonVPN.
“Based on the information collected by FortiGuard Labs, potential victims of this RedLine Stealer variant are spread across 12 countries. This indicates that this is a broad-brush attack and that the threat actors did not target specific organizations or individuals,” the company said in its report, noting that the issue affects Windows users.
“FortiGuard Labs recently came across a curiously named file, ‘Omicron Stats.exe’ which turned out to be a variant of Redline Stealer malware. While we have not been able to identify the infection vector for this particular variant, we believe that it is being distributed via email.”