BlackBerry Blog

BlackBerry Prevents: RedLine Infostealer Malware

RedLine is an infostealer malware family that was distributed via a COVID-19 email phishing campaign in 2020. It has also been delivered through malicious Google advertisements and a spearphishing campaign that directly targeted digital artists using non-fungible tokens (NFTs) in 2021.

RedLine is extremely versatile and has variously appeared as Trojanized services, games, cracks, and tools. Many RedLine samples also carry digital certificates.

Once a connection to its command-and-control (C2) panel is established, RedLine exposes a wide range of capabilities. It attempts to exfiltrate victims' data by gathering information from web browsers, file transfer protocol (FTP) clients, instant messengers (IM), cryptocurrency wallets, VPN services, and gaming clients. It also has remote functionality to drop and execute further malware on the victim machine.

Prevention First

At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain.

By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. This approach also helps reduce infrastructure complexity and streamline security management to ensure business, people, and endpoints are secure.

The BlackBerry® Research & Intelligence Team has analyzed the attack methods used by this threat. In addition to recommending basic cyber hygiene steps, the team strongly urges BlackBerry customers to ensure that their BlackBerry® Cyber Suite components are enabled with a blocking policy and configured to detect threats that trigger the rules noted below.

BlackBerry Cyber Suite and BlackBerry Guard Stop These Attacks

BlackBerry customers can feel confident that the AI-driven BlackBerry Cyber Suite, as well as our Managed Detection & Response (MDR) product BlackBerry® Guard, are well-equipped to mitigate the risks posed by threat actors:

  • BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement.

  • BlackBerry® Optics extends the threat prevention by using artificial intelligence (AI) to prevent security incidents. It provides true AI incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities.
    • To protect against RedLine malware attacks, BlackBerry recommends the following BlackBerry Optics rules be activated to provide additional telemetry from the attack:
      • Unsigned Application Network Beaconing

  • BlackBerry® Mobile Threat Detection prevents and detects advanced malicious threats at the device and application levels. It combines the mobile endpoint management capabilities of BlackBerry® UEM, with advanced AI-driven threat protection to get in front of malicious cyberattacks in a Zero Trust (ZT) environment.

  • BlackBerry® Persona creates trust based on behavior analytics, app usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication.

  • BlackBerry® Guard customers are proactively protected from RedLine infostealer attacks. Our 24/7 MDR solution customers receive: 
    • Alerts monitored in real-time.
    • Corrective policies applied while discovering gaps in policy implementation.
    • Prioritized threat hunting.
    • The latest threat intelligence for fast-moving threats.
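The "Unsigned Application Network Beaconing" rule named above looks for unsigned binaries that call out to the same destination at timer-like intervals, which is how a stealer such as RedLine typically checks in with its C2 panel. The following is an added illustration of that detection idea, not BlackBerry Optics code; the telemetry records, process names and destination addresses are constructed for the example.

```python
"""Toy beaconing detector illustrating an "unsigned application network
beaconing" heuristic. Added example; not the BlackBerry Optics rule itself."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed telemetry: (seconds since start, process image, signed?, destination)
EVENTS = [
    (0,   "installer.exe", False, "203.0.113.10:6677"),
    (60,  "installer.exe", False, "203.0.113.10:6677"),
    (121, "installer.exe", False, "203.0.113.10:6677"),
    (180, "installer.exe", False, "203.0.113.10:6677"),
    (241, "installer.exe", False, "203.0.113.10:6677"),
    (5,   "browser.exe",   True,  "192.0.2.20:443"),   # signed: ignored
    (7,   "browser.exe",   True,  "192.0.2.20:443"),
    (300, "browser.exe",   True,  "192.0.2.20:443"),
    (12,  "notepad.exe",   False, "198.51.100.5:80"),  # too few connections
    (400, "notepad.exe",   False, "198.51.100.5:80"),
]


def find_unsigned_beacons(events, min_conns=4, max_cv=0.2):
    """Return (process, destination, period_seconds) for every unsigned
    process whose connections to one destination recur at near-constant
    intervals. min_conns limits noise from one-off lookups; max_cv is the
    largest coefficient of variation still treated as timer-driven."""
    by_key = defaultdict(list)
    for ts, proc, signed, dest in events:
        if not signed:
            by_key[(proc, dest)].append(ts)

    hits = []
    for (proc, dest), times in by_key.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        # A CV near 0 means the gaps barely vary: regular, scheduled traffic
        # rather than the bursty pattern of interactive use.
        if period > 0 and pstdev(gaps) / period <= max_cv:
            hits.append((proc, dest, round(period)))
    return hits


if __name__ == "__main__":
    for proc, dest, period in find_unsigned_beacons(EVENTS):
        print(f"unsigned beacon: {proc} -> {dest} every ~{period}s")
```

In a real deployment the signed flag would come from Authenticode verification of the process image and the events from endpoint network telemetry; the thresholds here are illustrative starting points, not tuned values.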

BlackBerry Assistance

The BlackBerry® Incident Response Team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure. For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form.

Learn more about the latest cybersecurity threats and threat actors in the BlackBerry 2021 Annual Threat Report.

The BlackBerry Research and Intelligence Team

About The BlackBerry Research and Intelligence Team

The BlackBerry Research and Intelligence team is a highly experienced threat research group specializing in a wide range of cybersecurity disciplines, conducting continuous threat hunting to provide comprehensive insights into emerging threats. We analyze and address various attack vectors, leveraging our deep expertise in the cyberthreat landscape to develop proactive strategies that safeguard against adversaries.

Whether it's identifying new vulnerabilities or staying ahead of sophisticated attack tactics, we are dedicated to securing your digital assets with cutting-edge research and innovative solutions.