Global Operation Disrupts RedLine and META Infostealers, Involving Australian Federal Police

An international law enforcement collaboration, including the Australian Federal Police (AFP), has disrupted the operations of two major infostealers, RedLine and META, which have been used to steal millions of credentials, financial details, and other sensitive data worldwide.

The U.S. Department of Justice, alongside global partners under “Operation Magnus,” targeted these infostealers, malware that users are tricked into downloading and that then collects information from their devices. This stolen data often ends up on cybercrime forums, where it is exploited for fraud and other malicious activities.

RedLine has previously been used to breach large corporations and is known for allowing attackers to bypass multi-factor authentication by stealing authentication cookies and system information. Both RedLine and META operate under a malware-as-a-service model, where licenses can be purchased and used by affiliates to conduct cyber attacks.

Authorities have seized two key domains associated with the command and control of RedLine and META, and charges have been filed against an alleged developer of RedLine. U.S. officials estimate that “millions of unique credentials, email addresses, bank account details, cryptocurrency addresses, credit card numbers, and other data” were compromised, with the count likely rising as investigations continue.

The AFP acknowledged its role in the operation through a LinkedIn post, highlighting its collaboration with agencies in the Netherlands, Belgium, the United States, the UK, and Portugal. According to AFP, further inquiries into the global impact of the operation are ongoing.

Cyber intelligence firm Intel471 reported that the operation targeted key infrastructure and communication channels used by the infostealers. While RedLine activity has only slightly diminished due to alternative distribution channels and cracked versions of the malware, Intel471 called the disruption a significant blow to the infostealer market.

“This effort has effectively disrupted two major strains in the infostealer ecosystem,” Intel471 noted, adding that the seized data could help identify victims and potentially reveal key criminal customers of these malware services. They also highlighted the psychological deterrent effect this operation might have on other cyber actors.