Fortinet discovers cybercriminals use Omicron news to spread malware


Fortinet warns Windows users about the spread of RedLine malware using news about Omicron, the latest COVID-19 variant, as a lure. FortiGuard Labs believes that the attackers are leveraging the pandemic to gain access to user information and credentials.

The researchers at FortiGuard discovered that RedLine malware is being spread under the cover of news about Omicron, the latest COVID-19 variant. The data collected by the labs reveals that the RedLine malware has victimized users in twelve different companies. This suggests that the attack is not targeted; instead, the threat actors are running a non-specific, opportunistic campaign.

How was the malware discovered?

The researchers at FortiGuard Labs discovered a suspicious file saved with the name ‘Omicron Stats.exe’. Upon further examination, the researchers found the file to be a variant of the RedLine Stealer malware. Although the researchers have not yet identified the infection vector for this variant, they are confident that the malicious program is being distributed through email. Following this discovery, Fortinet has warned Windows users to remain vigilant.
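The discovery above turned on a single tell-tale attachment name: a pandemic-themed lure paired with an executable extension. The following is an added example, not Fortinet's or FortiGuard Labs' code, showing how a mail gateway or SOC triage script can flag such attachments before a user opens them. The keyword list, extension sets, scoring thresholds and the sample filenames are all constructed for this example and are assumptions, not indicators published on this page.

```python
import re
from dataclasses import dataclass, field

# Constructed lure vocabulary and extension sets (assumptions for this example).
LURE_KEYWORDS = ("omicron", "covid", "corona", "vaccine", "pandemic")
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


@dataclass
class Verdict:
    filename: str
    score: int
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Two independent signals are required to raise an alert; a bare
        # executable without a lure theme is common enough to stay quiet.
        return self.score >= 2


def normalize(filename: str) -> str:
    """Lower-case the name and collapse whitespace around dots.

    This folds extraction or obfuscation spacing such as 'Omicron Stats. exe'
    back into 'omicron stats.exe' so the extension is evaluated correctly.
    """
    collapsed = re.sub(r"\s*\.\s*", ".", filename.strip())
    return collapsed.lower()


def score_attachment(filename: str) -> Verdict:
    """Score one attachment filename on lure theme and executable disguise."""
    name = normalize(filename)
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner_exts = {"." + p for p in parts[1:-1]}  # e.g. ".pdf" in "x.pdf.exe"

    score = 0
    reasons = []
    if ext in EXECUTABLE_EXTS:
        score += 1
        reasons.append(f"executable extension {ext}")
    if any(keyword in name for keyword in LURE_KEYWORDS):
        score += 1
        reasons.append("pandemic-themed lure keyword in filename")
    if ext in EXECUTABLE_EXTS and inner_exts & DOCUMENT_EXTS:
        score += 1
        reasons.append("document extension used to disguise an executable")
    return Verdict(filename, score, reasons)


def triage(filenames) -> list:
    """Return only the verdicts that cross the alert threshold."""
    return [verdict for verdict in map(score_attachment, filenames) if verdict.suspicious]


# Constructed sample attachment names; only the first mirrors the name reported on the page.
SAMPLE_ATTACHMENTS = [
    "Omicron Stats.exe",
    "Omicron Stats. exe",      # spaced variant, normalised before scoring
    "Q4 report.pdf",
    "covid_results.pdf.exe",   # double extension
    "setup.exe",
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_ATTACHMENTS):
        print(f"{verdict.filename!r}: score {verdict.score} -> {', '.join(verdict.reasons)}")
```

Run as a filter over the attachment names a gateway already logs; a hit is a reason to quarantine and inspect, not a malware verdict on its own, and the keyword list should be refreshed as lure themes change.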

What is RedLine Malware?

RedLine malware has gained popularity in recent years. According to Fortinet, the RedLine Stealer variant specifically targets user credentials for VPN applications, including NordVPN, OpenVPN, and ProtonVPN.

RedLine malware was first discovered in March 2020, during the first wave of the COVID-19 pandemic. After that, the malware quickly gained a reputation as a source of user credentials sold on underground digital markets. In fact, the researchers at Fortinet also reported that stolen user credentials were being sold for as little as $10 on the dark web.

The sold information includes account credentials for digital payment platforms, e-banking facilities, file-sharing tools, and social networking sites, among others. 

Fortinet believes that the RedLine malware made its first appearance while COVID-19 was spreading around the globe at a rapid pace. The uncertainty and emerging fear gave the attackers a theme that reliably captured users’ attention. Experts at Fortinet also believe that earlier RedLine Stealer variants were embedded in emailed documents featuring COVID-related information to increase their spread.

Separately, the cybersecurity firm Proofpoint has reported that different versions of RedLine malware are being sold on Russian underground forums for $150-$200.