A coalition of international law enforcement agencies has announced that it has disrupted the operations of two prolific infostealers that stole sensitive data from millions of people.
The Dutch National Police, which led the takedown, dubbed “Operation Magnus”, reports that it has gained “full access” to servers used by the Redline and Meta infostealers.
An infostealer is a type of malware specifically designed to extract sensitive information from infected systems, such as passwords, credit card data, search history, and the contents of cryptocurrency wallets.
Redline is considered to be one of the most prolific pieces of information-stealing malware. According to recent reports, criminals are using Redline, which has been active since 2020, to steal sensitive data from hundreds of millions of people. The malware is believed to be behind a hack of Uber in 2022, the theft of login information from a Worldcoin Orb operator, and a breach of a senior official at Israel's National Cybersecurity Directorate.
Although Meta is a relatively new infostealer, Operation Magnus says: “We now have full access to all Redline and Meta servers. Did you know they're actually pretty much the same?”
In a video posted to its website on Monday, the agency said it was able to access usernames, passwords, IP addresses, timestamps, registration dates, as well as the source code of the Telegram bot used by the infostealers and their operators.
Authorities also released a list of usernames belonging to Redline and Meta's top users, who are known as “VIPs,” or users who are “very important to law enforcement.” It is not yet clear whether any arrests have been made as part of the operation, but the website claims that “legal action is underway”.
Operation Magnus, supported by the US Federal Bureau of Investigation and the UK National Crime Agency, was announced on a newly created website showcasing the Redline and Meta operations. Simone van Wardlagen, a spokesperson for the Dutch National Police, told TechCrunch that they will release more information about the takedown on Tuesday.
A similar takedown approach was taken in a recent operation targeting LockBit, with police taking control of the ransomware gang's dark web leak site and posting details of the operation.