Police operation claims takedown of prolific Redline and Meta password stealers
- November 4, 2024
- Posted by: chuckb
- Category: TC Security
A coalition of international law enforcement agencies, spearheaded by the Dutch National Police, has successfully disrupted the operations of two significant infostealers, Redline and Meta, which have collectively compromised the sensitive data of millions of individuals. This initiative, referred to as “Operation Magnus,” has reportedly granted authorities “full access” to the servers utilized by these infostealers, and involved collaboration with the U.S. Federal Bureau of Investigation and the U.K.’s National Crime Agency.
Infostealers, a specific category of malware, are designed to siphon sensitive information from infected systems. They typically target data such as passwords, credit card details, browsing histories, and the contents of cryptocurrency wallets. Redline, in particular, has been one of the most prevalent strains of infostealer malware since its emergence in 2020, reportedly facilitating the theft of data from hundreds of millions of victims. It has been linked to notable incidents, including a 2022 breach at Uber, the compromise of login credentials from Worldcoin Orb operators, and a data breach involving a senior official at Israel’s National Cybersecurity Directorate.
Meta is identified as a newer entrant in the realm of infostealers, yet the findings from Operation Magnus indicate that its operational methodologies are closely aligned with those of Redline. In a recently shared video, the involved agencies revealed they accessed usernames, passwords, IP addresses, timestamps, registration dates, along with the source code for both infostealer programs and the Telegram bots associated with their operators.
The operation also disclosed a list of usernames belonging to individuals classified as “VIP” or “very important to the police” users of the Redline and Meta infostealers. While the specifics regarding arrests made during this operation remain unclear, the website announced by law enforcement indicated that legal actions are forthcoming against those involved.
Announced via a dedicated website, Operation Magnus aims to expose the operations behind Redline and Meta while simultaneously threatening the anonymity of their operators. Simone van Wordragen, a spokesperson for the Dutch National Police, indicated that further details concerning the takedown would be revealed on Tuesday, emphasizing the ongoing nature of the investigation.
This operation mirrors prior law enforcement strategies, such as the recent targeting of the LockBit ransomware group, wherein police took control of the gang’s dark web leak site to disseminate operational details. Such tactics signal a robust approach to combating cybercrime by rendering these sophisticated malware networks vulnerable.
Overall, Operation Magnus represents a significant step in the global fight against cybercriminal activities, highlighting international cooperation among law enforcement agencies and the proactive measures being taken to safeguard sensitive data from malicious actors. As investigations continue, the full ramifications of this disruption may unfold, potentially leading to a broader crackdown on similar infostealer operations.