Red Line Stealer is the next big threat

I spotted this post on Phishlabs before I actually read it yesterday, and I asked if it should be in the resources of the site I’m building, which is linked here and is in beta. This means things will possibly break, not work, or look wrong visually.

The article is titled RedLine Stealer Leads Payloads in Q3 and, as the title says, it’s number one this time around in the threat department.

It does have a phishing email component, but it can also spread through other methods.

The main problem with RedLine is that it is an information stealer. That’s not all it can do, though. Here’s the second paragraph on this, directly from the article.

Redline is a low-cost information stealer capable of grabbing login credentials, processor details, and banking information from compromised machines. The payload is a widely-distributed malware-as-a-service (MaaS), and a large provider of stolen credentials on underground markets. Redline is also self-propagating and capable of downloading and running third party programs on infected devices.

QBot ended up in second place. It usually shuffles between first and second, possibly dropping to third if circumstances change, but it generally hangs out in the top two. Here is what the article states.

QBot is a self-spreading banking trojan known for harvesting credentials, financial information, and more. The payload is also used as a backdoor for additional malicious software and has been connected with Black Basta and Egregor ransomware families. Recent campaigns are being distributed via HTML smuggling, an evasion tactic that hides the payload inside a seemingly benign HTML file.

IcedID (Iced ID) is third and is something I’ve not heard of before. While QBot could drop to third in certain circumstances, this is an up-and-comer, and it wouldn’t surprise me if it rose and QBot ended up taking third. The section on QBot above says it is usually first or second, but with IcedID’s emergence, maybe it could end up third. Here is what the article states about it.

IcedID is capable of gathering processor information, stealing financial data, and harvesting credentials. Its authors are consistently updating the payload’s functionality to enhance deliverability and evade detection.

Here are some stats. I’ll list them here; they are the first paragraphs under each heading in the article, which I’ve put into list form.

  • In Q3, Redline Stealer was the top reported payload, representing 49.75% of all attacks. Despite emerging in 2020, this is the first quarter Redline was among the top reported payloads by volume.
  • IcedID contributed to just under 15% of payload volume in Q3, making it the third most reported malware family in corporate inboxes. First detected in 2017, IcedID is a modular banking trojan known to act as an initial infection vector for ransomware groups such as Conti and Quantum Locker.

There are samples of the way each is delivered, in images, for the sighted. I really wish they were written out so we, the disabled, could read what to look for. Suffice it to say, if you get a suspicious link or file, or you’re just not sure, use VirusTotal as your last line if your program of choice doesn’t pick up the saved file. As for links, to my knowledge most antivirus products, except for Trend Micro, don’t have any defenses for links. Through Trend Micro’s threat protection network, it can block parts of or whole pages based on threats and what it knows.
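For the HTML smuggling tactic mentioned in the QBot excerpt above, here is an added example (not from the Phishlabs article or this blog) of a simple triage heuristic for a saved HTML attachment: it flags a file that both carries a large embedded base64 blob and uses browser APIs to reassemble it and trigger a download. The two sample documents are constructed for the demonstration.

```python
import re
import base64

# Signals of in-browser payload reassembly: decoding and Blob/download APIs.
DECODE_APIS = ("atob(", "Blob(", "createObjectURL(", "msSaveOrOpenBlob(",
               "TextDecoder", "Uint8Array(")
# A long unbroken base64 run (400+ chars) is the embedded payload itself.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{400,}={0,2}")
# An anchor with a download attribute that is clicked programmatically.
DOWNLOAD_TRIGGER = re.compile(r"\.download\s*=|download\s*=\s*['\"]|\.click\(\)", re.I)

def score_html(html: str) -> dict:
    """Return the individual signals plus a combined verdict for one HTML file."""
    hits = [api for api in DECODE_APIS if api in html]
    blobs = BASE64_BLOB.findall(html)
    download = bool(DOWNLOAD_TRIGGER.search(html))
    # All three signals are required together, so a benign page that merely
    # calls atob() on a short string is not flagged.
    suspicious = bool(hits) and bool(blobs) and download
    return {"decode_apis": hits,
            "embedded_blob_bytes": max((len(b) for b in blobs), default=0),
            "download_trigger": download,
            "suspicious": suspicious}

# Constructed samples: a benign page, and a page in the smuggling style.
BENIGN = "<html><body><h1>Invoice</h1><script>console.log(atob('aGk='))</script></body></html>"
PAYLOAD_B64 = base64.b64encode(b"X" * 600).decode()  # stand-in for an encoded archive
SMUGGLED = f"""<html><body><p>Your document is loading...</p>
<script>
var data = "{PAYLOAD_B64}";
var bytes = Uint8Array.from(atob(data), function(c) {{ return c.charCodeAt(0); }});
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
a.click();
</script></body></html>"""

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("smuggled", SMUGGLED)):
        print(name, score_html(doc))
```

A hit from this heuristic is a reason to send the file on to VirusTotal or your sandbox, not a verdict on its own.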

Once again, the article is titled RedLine Stealer Leads Payloads in Q3 and you should read it in full. Please stay safe!
