# RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign **[bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/](https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/)** ----- [Mihai NEAGU](http://10.10.0.46/blog/labs/author/mneagu/) April 27, 2022 One product to protect all your devices, without slowing them down. [Free 90-day trial](http://10.10.0.46/media/html/consumer/new/get-your-90-day-trial-opt/index.html) ----- At the start of the year, Bitdefender noticed a RIG Exploit Kit campaign using CVE-202126411 exploits found in Internet Explorer to deliver RedLine Stealer, a low-cost password stealer sold on underground forums. When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server. [Download the RedLine Stealer whitepaper](https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf) ### Key Findings Bitdefender discovered a new RIG Exploit Kit campaign targeting an Internet Explorer vulnerability designed to distribute RedLine Stealer malware. If executed, the stealer exfiltrates passwords, cookies and credit card data saved in browsers, as well as crypto wallets, chat logs, VPN login credentials and text from files as per the instructions received from the C2 infrastructure. ### Country distribution and daily activity ----- ### Mitigation Ensure anti-virus and EDR solutions have exploit detection capabilities. Look for the indicators of compromise (IOCs) and keep operating systems and thirdparty applications up to date, and prioritize security fixes. [Download the RedLine Stealer whitepaper](https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf) **TAGS** [whitepapers](http://10.10.0.46/blog/labs/tag/whitepapers/) [anti-malware research](http://10.10.0.46/blog/labs/tag/antimalware-research/) ----- **AUTHOR** ## Mihai NEAGU Passionate about reverse engineering, Mihai worked on malware analysis and detection techniques in the past. Now he is doing research on exploit detection and mitigation for Windows applications. [View all posts](http://10.10.0.46/blog/labs/author/mneagu/) ## Mihai NEAGU Passionate about reverse engineering, Mihai worked on malware analysis and detection techniques in the past. Now he is doing research on exploit detection and mitigation for Windows applications. [View all posts](http://10.10.0.46/blog/labs/author/mneagu/) **YOU MIGHT ALSO LIKE** **Bookmarks** -----