RedLineStealer Masquerades as Telegram Installer

Stealers are pieces of malicious code written with a hit-and-run mentality: their main purpose is to find anything of value on an infected device and exfiltrate it to the operator. These infostealers are commonly delivered either as a second-stage payload or by masquerading as legitimate software. RedLineStealer is one such stealer, widely used by attackers to harvest credentials from unsuspecting users. The .NET-based malware has recently been disguised as an installer for the popular secure messaging app Telegram. In this blog we unpack RedLineStealer and show the evasive techniques it uses to bypass security products.
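The two facts above that a practitioner can act on immediately are that the sample is a .NET assembly and that it is posing as a software installer. Both are visible from the PE header alone, before any unpacking: a managed binary carries a CLR runtime header (data directory 14), and a signed installer carries an Authenticode certificate table (data directory 4). The following is an added triage script, not code from the original post or from the RedLine analysis; it parses just enough of the PE header to read those two directories. The `build_sample_pe` helper constructs a minimal PE32 header in memory so the script runs offline; it is not a real Telegram or RedLine binary, and the RVAs and sizes it writes are arbitrary constructed values.

```python
import struct

# Data directory indices from the PE/COFF specification.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # Authenticode certificate table
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # CLR runtime header (.NET)


def triage_pe(data: bytes) -> dict:
    """Read the PE header and report whether the file is managed (.NET) and
    whether it carries an Authenticode certificate table at all."""
    info = {"is_pe": False, "pe32plus": False, "machine": None,
            "is_dotnet": False, "has_authenticode_entry": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte signature plus the 20-byte COFF header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    coff = e_lfanew + 4
    machine, _nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 2 or opt + 2 > len(data):
        return info
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32
        dir_off, nrva_off = 96, 92
    elif magic == 0x20B:        # PE32+
        dir_off, nrva_off = 112, 108
        info["pe32plus"] = True
    else:
        return info
    info["is_pe"] = True
    info["machine"] = machine
    if opt + nrva_off + 4 > len(data):
        return info
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]

    def directory(index):
        # Bounds-check against both the declared optional header size and the buffer.
        off = opt + dir_off + 8 * index
        if index >= nrva or off + 8 > opt + opt_size or off + 8 > len(data):
            return (0, 0)
        return struct.unpack_from("<II", data, off)

    sec_va, sec_size = directory(IMAGE_DIRECTORY_ENTRY_SECURITY)
    clr_va, clr_size = directory(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    info["has_authenticode_entry"] = sec_va != 0 and sec_size != 0
    info["is_dotnet"] = clr_va != 0 and clr_size != 0
    return info


def suspicious_reasons(info: dict) -> list:
    """Turn the triage result into human-readable flags for a file that
    claims to be a third-party installer."""
    if not info["is_pe"]:
        return ["not a PE file"]
    reasons = []
    if not info["has_authenticode_entry"]:
        reasons.append("unsigned: no Authenticode certificate table")
    if info["is_dotnet"]:
        reasons.append("managed .NET assembly (CLR header present); RedLine is .NET-based")
    return reasons


def build_sample_pe(dotnet: bool = True, signed: bool = False) -> bytes:
    """Constructed minimal PE32 header for offline testing (not a real binary)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(224)                       # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)      # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    if signed:   # arbitrary constructed offset/size for the certificate table
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x800)
    if dotnet:   # arbitrary constructed RVA/size for the CLR header
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    result = triage_pe(blob)
    print(result)
    for reason in suspicious_reasons(result):
        print(" -", reason)
```

Two caveats. A populated certificate table only shows that a signature blob is attached; whether it is valid and chains to a publisher you trust has to be checked with a real verifier (for example `Get-AuthenticodeSignature` in PowerShell or `signtool verify`). And the CLR header is a property of the outer file: a native loader that drops a .NET payload at runtime will not show it, which is exactly why the unpacking in the rest of this post matters.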

