RedLine Stealer spread through fake Valorant cheat guide

March 22, 2022
RedLine Stealer Malware Fake Valorant Cheat Guide AimBot Gaming Discord

Multiple threat actors have abused YouTube’s new submission guidelines to distribute malware, such as the RedLine Stealer, which has targeted the Valorant gaming community on the popular streaming site.

The RedLine stealer propagation campaign abuses RIOT GAMES’ first-person shooter game called Valorant. Based on reports, the threat actors endorse cheat codes to bait players into downloading their stealer.

The actors offer an attached link on a YouTube video to all Valorant players. However, the download link is packed with an auto-aiming bot which spreads the RedLine among the gaming community.

In addition, the download link requests its target to disable its anti-malware software to infect its targets effectively. Researchers stated that the fake cheat codes for the popular game are very appealing to gamers since it offers an auto-aiming bot that effectively aids the user in targeting and executing its opponents.

Auto-aiming bots are in high demand among “first-person view” shooting games, especially Valorant.

 

Upon download and execution, the RedLine stealer collects all standard information regarding the target and other credentials such as Discord tokens, crypto wallet files, Valorant account credentials, credentials saved on web browsers, and screenshots.

 

The researchers also indicated that the cryptocurrency wallets included in RedLine’s target list include Bytecoin, Monero, Zcash, Jaxx, LitecoinCore, AtomicWallet, BitcoinCore, Armory, Exodus, and Ethereum.

Other information that the RedLine malware can exfiltrate are data from FileZilla, such as usernames, passwords, port numbers, and addresses. Moreover, Minecraft players can also be a target since its levels, rankings, account credentials, client sessions from a stream can be stolen by the RedLine stealer.

The threat actors constantly make a compressed file of the stolen data and return it to their account via Discord API.

Endorsing malware, such as RedLine, through game cheats on YouTube is an old tactic of threat actors. Thus, it should be something to be aware of by all users. Threat actors throughout numerous platforms can distribute malware, so experts urge users like gamers to avoid installing illegal programs and utilizing malicious websites. Users should also not download cheat tools that are not digitally signed since there is a high chance of it being a trap.

About the author

Leave a Reply