| SYMBOL | COMMON_NAME | aka. SYNONYMS |
win.redline_stealer (Back to overview)
RedLine Stealer
aka: RECORDSTEALER
RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
References
| 2025-06-24
⋅
Bridewell
⋅
2025 Cyber Threat Intelligence Report AsyncRAT Brute Ratel C4 Cobalt Strike Fog Ghost RAT Lumma Stealer Meduza Stealer Quasar RAT RedLine Stealer Sliver |
| 2025-01-10
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update July to December 2024 Coper FluBot Hook Mirai FAKEUPDATES AsyncRAT BianLian Brute Ratel C4 Cobalt Strike DanaBot DCRat Havoc Latrodectus NjRAT Quasar RAT RedLine Stealer Remcos Rhadamanthys Sliver Stealc |
| 2024-08-14
⋅
Kroll
⋅
REDLINESTEALER Malware Driving the Initial Access Broker Market RedLine Stealer |
| 2024-07-24
⋅
Check Point Research
⋅
Stargazers Ghost Network Atlantida Lumma Stealer RedLine Stealer Rhadamanthys RisePro Stargazer Goblin |
| 2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
| 2024-07-02
⋅
Sekoia
⋅
Exposing FakeBat loader: distribution methods and adversary infrastructure BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar |
| 2024-06-10
⋅
Mandiant
⋅
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion Lumma Stealer MetaStealer Raccoon RedLine Stealer RisePro Vidar UNC5537 |
| 2024-04-17
⋅
McAfee
⋅
Redline Stealer: A Novel Approach RedLine Stealer SmartLoader |
| 2024-03-01
⋅
Logpoint
⋅
A Comprehensive Overview on Stealer Malware Families Agent Tesla Formbook RedLine Stealer Remcos Vidar |
| 2024-01-30
⋅
ANY.RUN
⋅
CrackedCantil: A Malware Symphony Breakdown - PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, STOP Amadey CrackedCantil Lumma Stealer PrivateLoader RedLine Stealer RisePro SmokeLoader Socks5 Systemz Stealc STOP |
| 2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
| 2024-01-08
⋅
YouTube (Embee Research)
⋅
Malware Analysis - Simple Javascript Decoding and C2 Extraction (Redline Stealer) RedLine Stealer |
| 2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
| 2023-11-20
⋅
Russian Panda Research Blog
⋅
MetaStealer - Redline's Doppelgänger MetaStealer RedLine Stealer |
| 2023-11-19
⋅
Twitter (@embee_research)
⋅
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike Amadey Cobalt Strike RedLine Stealer SmokeLoader |
| 2023-11-15
⋅
Twitter (@embee_research)
⋅
Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer RedLine Stealer RisePro |
| 2023-11-01
⋅
RedLine Stealer Malware Analysis RedLine Stealer |
| 2023-10-26
⋅
Fourcore
⋅
Threat Hunting: Detecting Browser Credential Stealing [T1555.003] LaZagne RedLine Stealer |
| 2023-10-23
⋅
SarlackLab
⋅
Advice For Catching a RedLine Stealer RedLine Stealer |
| 2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
| 2023-10-10
⋅
Twitter (@embee_research)
⋅
How To Develop Yara Rules for .NET Malware Using IL ByteCodes RedLine Stealer |
| 2023-09-18
⋅
The Record
⋅
"Scattered Spider" group launches ransomware attacks while expanding targets in hospitality, retail RedLine Stealer |
| 2023-09-13
⋅
KrebsOnSecurity
⋅
FBI Hacker Dropped Stolen Airbus Data on 9/11 RedLine Stealer USDoD |
| 2023-08-23
⋅
EclecticIQ
⋅
Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat RedLine Stealer |
| 2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
| 2023-06-06
⋅
Apophis133
⋅
RedLine Technical Analysis Report RedLine Stealer |
| 2023-05-16
⋅
Secureworks
⋅
The Growing Threat from Infostealers Graphiron GraphSteel Raccoon RedLine Stealer Rhadamanthys Taurus Stealer Vidar |
| 2023-04-16
⋅
OALabs
⋅
XORStringsNet Agent Tesla RedLine Stealer |
| 2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
| 2023-04-10
⋅
Twitter (@embee_research)
⋅
Redline Stealer - Static Analysis and C2 Extraction Amadey RedLine Stealer |
| 2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
| 2023-03-26
⋅
Updates from the MaaS: new threats delivered through NullMixer Fabookie Koi Loader Koi Stealer Nullmixer PseudoManuscrypt Raccoon RedLine Stealer |
| 2023-03-16
⋅
Trend Micro
⋅
IPFS: A New Data Frontier or a New Cybercriminal Hideout? Agent Tesla Formbook RedLine Stealer Remcos |
| 2023-03-15
⋅
Avast
⋅
(Ab)using Adobe Acrobat Sign to distribute malware RedLine Stealer |
| 2023-03-09
⋅
Kaspersky
⋅
Malvertising through search engines RedLine Stealer |
| 2023-03-01
⋅
Zscaler
⋅
OneNote: A Growing Threat for Malware Distribution AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer |
| 2023-02-27
⋅
PRODAFT Threat Intelligence
⋅
RIG Exploit Kit: In-Depth Analysis Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader |
| 2023-02-26
⋅
Proofpoint
⋅
TA569: SocGholish and Beyond FAKEUPDATES RedLine Stealer solarmarker |
| 2023-02-08
⋅
NTT Security
⋅
SteelClover Attacks Distributing Malware Via Google Ads Increased BATLOADER ISFB RedLine Stealer |
| 2023-02-03
⋅
Cloudsek
⋅
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT |
| 2023-02-02
⋅
YouTube (SLEUTHCON)
⋅
Lions, Tigers, and Infostealers - Oh my! RecordBreaker RedLine Stealer Vidar |
| 2023-01-04
⋅
Unpacking RedLine Stealer RedLine Stealer |
| 2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-10-05
⋅
Fortinet
⋅
Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II Formbook RedLine Stealer |
| 2022-09-29
⋅
Team Cymru
⋅
Seychelles, Seychelles, on the C(2) Shore: An overview of a bulletproof hosting provider named ELITETEAM. Amadey Raccoon RedLine Stealer SmokeLoader STOP |
| 2022-09-26
⋅
Kaspersky
⋅
NullMixer: oodles of Trojans in a single dropper ColdStealer DanaBot GCleaner Nullmixer PrivateLoader PseudoManuscrypt RedLine Stealer SmokeLoader Vidar |
| 2022-09-19
⋅
Fortinet
⋅
Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I Formbook RedLine Stealer |
| 2022-09-15
⋅
Kaspersky
⋅
Self-spreading stealer attacks gamers via YouTube RedLine Stealer |
| 2022-09-15
⋅
Sekoia
⋅
PrivateLoader: the loader of the prevalent ruzki PPI service Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer |
| 2022-08-31
⋅
BitSight
⋅
Tracking PrivateLoader: Malware Distribution Service PrivateLoader RedLine Stealer SmokeLoader |
| 2022-08-30
⋅
Cisco
⋅
ModernLoader delivers multiple stealers, cryptominers and RATs Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC |
| 2022-08-29
⋅
⋅
360 netlab
⋅
PureCrypter Loader continues to be active and has spread to more than 10 other families 404 Keylogger Agent Tesla AsyncRAT Formbook RedLine Stealer |
| 2022-08-29
⋅
360 netlab
⋅
PureCrypter is busy pumping out various malicious malware families Agent Tesla PureCrypter RedLine Stealer |
| 2022-08-29
⋅
Sekoia
⋅
Traffers: a deep dive into the information stealer ecosystem MetaStealer PrivateLoader Raccoon RedLine Stealer Vidar |
| 2022-08-23
⋅
Zscaler
⋅
Making victims pay, infostealer malwares mimick pirated-software download sites RedLine Stealer |
| 2022-08-17
⋅
Secureworks
⋅
DarkTortilla Malware Analysis Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer |
| 2022-08-10
⋅
Palo Alto Networks Unit 42
⋅
BlueSky Ransomware: Fast Encryption via Multithreading BlueSky RedLine Stealer |
| 2022-08-08
⋅
N1ght-W0lf Blog
⋅
YARA for config extraction RedLine Stealer |
| 2022-08-08
⋅
Medium CSIS Techblog
⋅
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader |
| 2022-08-02
⋅
Recorded Future
⋅
Initial Access Brokers Are Key to Rise in Ransomware Attacks Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar |
| 2022-08-01
⋅
SecurityScorecard
⋅
A Detailed Analysis of the RedLine Stealer RedLine Stealer |
| 2022-08-01
⋅
SecurityScorecard
⋅
A Detailed Analysis of the RedLine Stealer RedLine Stealer |
| 2022-07-27
⋅
K7 Security
⋅
Credential Stealer RedLine Reemerges RedLine Stealer |
| 2022-07-13
⋅
KELA
⋅
The Next Generation of Info Stealers Arkei Stealer Azorult BlackGuard Eternity Stealer Ginzo Stealer Mars Stealer MetaStealer Raccoon RedLine Stealer Vidar |
| 2022-06-28
⋅
AhnLab
⋅
New Info-stealer Disguised as Crack Being Distributed ClipBanker CryptBot Raccoon RedLine Stealer |
| 2022-06-15
⋅
Qualys
⋅
Fake Cracked Software Caught Peddling Redline Stealers RedLine Stealer |
| 2022-05-25
⋅
Team Cymru
⋅
Bablosoft; Lowering the Barrier of Entry for Malicious Actors BlackGuard BumbleBee RedLine Stealer |
| 2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
| 2022-05-17
⋅
Microsoft Security
⋅
In hot pursuit of ‘cryware’: Defending hot wallets from attacks Mars Stealer RedLine Stealer |
| 2022-05-12
⋅
Netskope
⋅
RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload RedLine Stealer |
| 2022-05-12
⋅
Morphisec
⋅
New SYK Crypter Distributed Via Discord AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
| 2022-05-10
⋅
eSentire
⋅
Redline Stealer Masquerades as Photo Editing Software RedLine Stealer |
| 2022-04-27
⋅
Bitdefender
⋅
RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign RedLine Stealer |
| 2022-04-25
⋅
muha2xmad
⋅
Full RedLine malware analysis | IoCs | Stealing information RedLine Stealer |
| 2022-04-18
⋅
Bitdefender
⋅
RedLine Stealer Analysis RedLine Stealer |
| 2022-04-14
⋅
Cisco Talos
⋅
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer RedLine Stealer |
| 2022-03-24
⋅
paloalto Netoworks: Unit42
⋅
Threat Brief: Lapsus$ Group RedLine Stealer |
| 2022-03-23
⋅
KrebsOnSecurity
⋅
A Closer Look at the LAPSUS$ Data Extortion Group RedLine Stealer |
| 2022-03-23
⋅
SecurityAffairs
⋅
It’s official, Lapsus$ gang compromised a Microsoft employee’s account RedLine Stealer |
| 2022-03-22
⋅
Bleeping Computer
⋅
Microsoft confirms they were hacked by Lapsus$ extortion group RedLine Stealer |
| 2022-03-22
⋅
The Hacker News
⋅
Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group RedLine Stealer |
| 2022-03-22
⋅
Microsoft
⋅
DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction RedLine Stealer LAPSUS |
| 2022-03-13
⋅
Bleeping Computer
⋅
Fake Valorant cheats on YouTube infect you with RedLine stealer RedLine Stealer |
| 2022-03-03
⋅
Medium s2wlab
⋅
Deep Analysis of Redline Stealer: Leaked Credential with WCF RedLine Stealer |
| 2022-02-09
⋅
BleepingComputer
⋅
Fake Windows 11 upgrade installers infect you with RedLine malware RedLine Stealer |
| 2022-02-08
⋅
HP
⋅
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade RedLine Stealer |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-02-07
⋅
Trellix
⋅
Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer RedLine Stealer |
| 2022-01-20
⋅
SANS ISC InfoSec Forums
⋅
RedLine Stealer Delivered Through FTP RedLine Stealer |
| 2022-01-20
⋅
blog.rootshell.be
⋅
[SANS ISC] RedLine Stealer Delivered Through FTP RedLine Stealer |
| 2022-01-19
⋅
Chainanalysis
⋅
Meet the Malware Families Helping Hackers Steal and Mine Millions in Cryptocurrency Glupteba RedLine Stealer |
| 2022-01-10
⋅
Fortinet
⋅
COVID Omicron Variant Lure Used to Distribute RedLine Stealer RedLine Stealer |
| 2022-01-03
⋅
AhnLab
⋅
Distribution of Redline Stealer Disguised as Software Crack DanaBot RedLine Stealer Vidar |
| 2022-01-02
⋅
Atomic Matryoshka
⋅
"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer RedLine Stealer |
| 2021-12-02
⋅
Cisco
⋅
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension Azorult RedLine Stealer |
| 2021-11-29
⋅
Trend Micro
⋅
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
| 2021-11-02
⋅
Minerva
⋅
Underminer Exploit Kit: The More You Check The More Evasive You Become Amadey Oski Stealer RedLine Stealer UnderminerEK |
| 2021-10-21
⋅
Bleeping Computer
⋅
Massive campaign uses YouTube to push password-stealing malware Raccoon RedLine Stealer |
| 2021-10-14
⋅
Recorded Future
⋅
RedLine Stealer Is Key Source of Identity Data for Criminal Shops RedLine Stealer |
| 2021-09-27
⋅
Trend Micro
⋅
Fake Installers Drop Malware and Open Doors for Opportunistic Attackers RedLine Stealer Socelars Vidar |
| 2021-09-27
⋅
Cyber-Anubis
⋅
RedLine Infostealer | Detailed Reverse Engineering RedLine Stealer |
| 2021-08-26
⋅
Minerva Labs
⋅
Become A VIP Victim With New Discord Distributed Malware BlackNET RAT RedLine Stealer |
| 2021-08-04
⋅
⋅
ASEC
⋅
S/W Download Camouflage, Spreading Various Kinds of Malware Raccoon RedLine Stealer Remcos Vidar |
| 2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-07-08
⋅
Blackberry
⋅
Threat Thursday: Redline Infostealer RedLine Stealer |
| 2021-06-14
⋅
Blaze's Security Blog
⋅
Digital artists targeted in RedLine infostealer campaign RedLine Stealer |
| 2021-06-02
⋅
Morphisec
⋅
Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers RedLine Stealer Taurus Stealer |
| 2021-04-27
⋅
Minerva Labs
⋅
RedLine Stealer Masquerades as Telegram Installer RedLine Stealer |
| 2021-01-18
⋅
Medium csis-techblog
⋅
GCleaner — Garbage Provider Since 2019 Amadey Ficker Stealer Raccoon RedLine Stealer SmokeLoader STOP |
| 2020-10-05
⋅
Juniper
⋅
New pastebin-like service used in multiple malware campaigns Agent Tesla LimeRAT RedLine Stealer |
| 2020-09-07
⋅
Github (StrangerealIntel)
⋅
Time to take the bull by the horns RedLine Stealer Taurus Stealer |
| 2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
| 2020-07-02
⋅
Zscaler
⋅
CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns CyberGate RedLine Stealer |
| 2020-03-19
⋅
Bleeping Computer
⋅
RedLine Info-Stealing Malware Spread by Folding@home Phishing RedLine Stealer |
| 2020-03-16
⋅
Proofpoint
⋅
New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign RedLine Stealer |
| 2020-03-16
⋅
Proofpoint
⋅
TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years RedLine Stealer |
There is no Yara-Signature yet.