A global operation, supported by Eurojust, has led to the takedown of servers of infostealers, a type of malware used to steal personal data and conduct cybercrimes worldwide. The infostealers, RedLine and META, taken down today targeted millions of victims worldwide, making it one of the largest malware platforms globally. An international coalition of authorities from the Netherlands, the United States, Belgium, Portugal, the United Kingdom and Australia shut down three servers in the Netherlands, seized two domains, unsealed charges in the United States and took two people into custody in Belgium.
RedLine and Meta were able to steal personal data from infected devices. The data included saved usernames and passwords, and automatically saved form data, such as addresses, email addresses, phone numbers, cryptocurrency wallets, and cookies. After retrieving the personal data, the infostealers sold the information to other criminals through criminal market places. The criminals who purchased the personal data used it to steal money, cryptocurrency and to carry out follow-on hacking activities.
Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software. Authorities discovered that over 1 200 servers in dozens of countries were running the malware. To take down the transnational malware, Eurojust coordinated cooperation between authorities from the Netherlands, the United States, Belgium, Portugal, United Kingdom and Australia. Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.
The take down of the infostealers took place on 28 October during a worldwide operation. Three servers were taken down in the Netherlands, two domains were seized, charges were unsealed in the United States and two people were taken into custody in Belgium. After the authorities obtained the data and took down the servers, a message was sent to the alleged perpetrators, including a video. The video sends a strong message to the criminals, showing that the international coalition of authorities was able to obtain crucial data on their network and will shut down their criminal activities. After the message was sent, Belgian authorities took down several Redline and Meta communication channels.
The authorities also retrieved a database of clients from RedLine and Meta. Investigations will now continue into the criminals using the stolen data.
For people concerned they may have fallen victim to RedLine and Meta, a private security company has launched an online tool to allow people to check if their data was stolen. The tool helps potential victims on the steps they need to take if their data has been stolen.
The following authorities were involved in the actions:
- The Netherlands: National Police, Team Cybercrime Limburg, Public Prosecution Service
- United States: Federal Bureau of Investigation; Naval Criminal Investigative Service; Internal Revenue Service Criminal Investigations; Department of Defense Criminal Investigative Service; Army Criminal Investigation Division
- Belgium: Federal Prosecutor’s Office; Federal Police
- Portugal: PolÃcia Judiciária
- United Kingdom: National Crime Agency
- Australia: Australian Federal Police