US charges Russian national for developing RedLine infostealer
The United States has charged a Russian national for his alleged role in developing infostealer malware, according to an unsealed criminal complaint from the Western District of Texas.
According to the documents, Maxim Rudometov is one of the developers and administrators of RedLine, one of the most prevalent infostealers used by cybercriminals. Rudometov regularly accessed and managed RedLine, and was associated with various cryptocurrency accounts used to receive and launder payments for the software. Rudometov has been charged with access device fraud, conspiracy to commit computer intrusion, and money laundering.
The unsealed charges, along with the detention of two unnamed individuals by the Dutch National Police, are the latest to come out of Operation Magnus, an international law enforcement operation aimed at stopping the notorious RedLine and Meta infostealers.
The operation, first announced on Monday — which also included law enforcement from the Netherlands, Belgium, Portugal, the United Kingdom, and Australia — was claimed to be a success, as officials announced they had “full access” to RedLine and Meta’s source code, along with other infrastructure such as license servers and Telegram bots.
RedLine has been used to target “millions of victim computers,” according to the Justice Department. The infostealer pulls sensitive data such as passwords, login credentials and other personally identifiable information from unsuspecting users who have been tricked into downloading the malware.
Rudometov was caught partly due to sloppy operational security (OPSEC). A blog discovered by law enforcement accused two people, using the online monikers “Dendimirror” and “Alinchok,” of creating RedLine. Authorities were then able to connect “Dendimirror” and other aliases to a slew of Rudometov’s accounts, including Skype, the Russian social media network VK, and the Russian email provider Yandex. Additionally, one iCloud account discovered by authorities held Rudometov’s official identification documents and personal photos, along with malicious files associated with RedLine.
In addition to Rudometov, two people have been arrested by the Belgian Federal Police, with one released and the other still in custody, according to a translated press release. Authorities have searched the home of one of the suspects, who is believed to have purchased stolen information, and the press release indicates that additional actions or arrests could follow.
If found guilty, Rudometov faces up to 10 years in prison for access device fraud, five years for conspiracy to commit computer intrusion, and 20 years for money laundering, according to the press release.