{
	"id": "519b055a-3ba5-48aa-8526-e6393a8008fb",
	"created_at": "2026-04-06T00:17:01.197694Z",
	"updated_at": "2026-04-10T13:11:45.375732Z",
	"deleted_at": null,
	"sha1_hash": "45ddc437678c68984383992a671ffd459075137a",
	"title": "RedLine Info-Stealing Malware Spread by Folding@home Phishing",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2042958,
	"plain_text": "RedLine Info-Stealing Malware Spread by Folding@home Phishing\r\nBy Lawrence Abrams\r\nPublished: 2020-03-19 · Archived: 2026-04-05 19:39:31 UTC\r\nA new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by\r\npromoting a fake Folding@home app that installs an information-stealing malware.\r\nFolding@home is a well-known distributed computing project that allows users to download software that uses CPU and\r\nGPU cycles to research new drug opportunities against diseases and a greater understanding of various diseases. \r\nAs the COVID-19 epidemic spreads throughout the world, Folding@home has added over 20 new projects focusing on\r\ncoronavirus research and has seen a huge increase in usage by people all over the world.\r\nhttps://www.bleepingcomputer.com/news/security/redline-info-stealing-malware-spread-by-folding-home-phishing/\r\nPage 1 of 5\n\nScammers take advantage of a good thing\r\nWith the rise in popularity of Folding@home, security researchers at ProofPoint have discovered a new phishing campaign\r\nthat pretends to be from a company developing a cure for Coronavirus.\r\nThese emails have a subject of \"Please help us with Fighting corona-virus\" and state that they want you to help \"speed up\r\nour process of finding the cure\" by downloading and installing the Folding@home client.\r\nFolding@home Phishing email\r\nThe text of this email reads:\r\nGreetings from Mobility Research Inc and Folding@Thome\r\nAs we all know, recently corona-virus is becoming a major threat to the human society. 
We are a leading institution workin\r\nEmbedded in the phishing email is a \"Download now\" button that when clicked will download a file called\r\nfoldingathomeapp.exe, which is the Redline information-stealing Trojan.\r\n\"RedLine Stealer is new malware available for sale on Russian underground forums with several pricing options: $150 lite\r\nversion; $200 pro version; $100 / month subscription option. It steals information from browsers such as login,\r\nautocomplete, passwords, and credit cards. It also collects information about the user and their system such as the username,\r\ntheir location, hardware configuration, and installed security software. A recent update to RedLine Stealer also added the\r\nability to steal cryptocurrency cold wallets,\" ProofPoint states in their report.\r\nOnce installed, the malware will connect to a remote site to receive commands as to what types of data should be stolen\r\nfrom the victim.  These instructions are sent using the SOAP messaging protocol as seen by the image below.\r\nRedLine getting instructions\r\nThis malware can steal saved login credentials, credit cards, cookies, and autocomplete fields from browsers. It can also\r\ncollect data from FTP and IM clients, steal files, download files, execute commands, and send information back about the\r\ncomputer.\r\nYou can see an example of this malware in action in an Any.run session performed by security researcher James.\r\nAs this malware can steal a large amount of information, anyone who has fallen victim to this scam should immediately\r\nperform a scan using antivirus software.\r\nThey should also change the passwords at any online accounts that they frequent as they may now be in the possession of\r\nthe attackers. 
This should be done from another computer until they are sure their infected computer has been cleaned.\r\nIt should also be noted that Folding@home is a terrific project and just because people are performing scams in their name,\r\ndoes not mean it should be avoided.\r\nJust be sure to download the Folding@home client only from the legitimate site.\r\nSource: https://www.bleepingcomputer.com/news/security/redline-info-stealing-malware-spread-by-folding-home-phishing/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/redline-info-stealing-malware-spread-by-folding-home-phishing/"
	],
	"report_names": [
		"redline-info-stealing-malware-spread-by-folding-home-phishing"
	],
	"threat_actors": [],
	"ts_created_at": 1775434621,
	"ts_updated_at": 1775826705,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/45ddc437678c68984383992a671ffd459075137a.pdf",
		"text": "https://archive.orkl.eu/45ddc437678c68984383992a671ffd459075137a.txt",
		"img": "https://archive.orkl.eu/45ddc437678c68984383992a671ffd459075137a.jpg"
	}
}