RedLine Malware Exploiting Omicron News is After Your Credentials

Using the ongoing pandemic to steal your sensitive information and credentials has become cybercriminals’ standard practice. The latest attempt relies on RedLine malware spreading via email containing news about the COVID-19 Omicron variant. And who wasn’t at least a bit curious to know what’s the status of Omicron and authorities’ ongoing changes related to restrictions, quarantine, etc.?

In this case, curiosity can do a lot of damage, and by no means you should open any file named ‘Omicron Stats.exe’!

Let’s see how RedLine malware works and how you can stay away from it.

RedLine Malware’s Operation Tactic

One of the most popular info stealers nowadays, RedLine malware is known for targeting online users with various scam tactics. So far, it seems to only affect Windows devices.

RedLine started to circulate in March 2020, but it increased its capabilities as the entire world began to face an increased number of COVID patients. Like many popular online scams and frauds today, this malware exploited the general uncertainty and people’s fears, building its way up into a successful info stealer.

Researchers have uncovered that the range of account credentials RedLine malware is after includes:

      • online payment portals
      • e-banking services
      • file-sharing tools
      • social networking platforms
      • VPN services (CyberGhost VPN isn’t one of them)
      • cookies
      • FTP credentials
      • cryptocurrency wallet data

Additionally, RedLine aims to hunt down:

      • Telegram folders to find images and conversation histories and send them to the attacker’s servers
      • local Discord resources to find and steal logs, database files, and access tokens.

It also grabs data about your device, such as:

  1. graphics card name
  2. BIOS manufacturer
  3. identification code
  4. serial number
  5. release date
  6. version
  7. disk drive manufacturer details.

If you’re wondering what happens with your stolen private data, you’ve guessed it! It ends up on the dark web, and it’s sold for only $10 for a set of user credentials.

Twitter, redline malware news steal credentials

Keeping RedLine Malware Out of Your Way

RedLine malware targeted victims across 12 countries, and it seems to spread the malicious code randomly, not focusing on specific organizations or individuals. That means anyone, including you, can be the next victim.

Here’s how to steer clear of RedLine and any type of malware:

1. Use a network firewall

The firewall constantly checks your network connections, filtering out harmful network traffic, and stops potential threats from entering your device.

2. Only use updated software

Using updated software on all your devices is a basic cybersecurity habit that should never be overlooked. So, always check your apps thoroughly and don’t skip any update alerts.

3. Set spam filters to your emails

Spam filters may not stop some really efficient and well-orchestrated phishing emails, but they block at least part of them. Keep in mind labelling or marking unwanted and suspicious emails as “Spam” or “Junk.” This way, you train your email services to recognize them, and it’ll stop it from sending them right up to your inbox.

4. Encrypt sensitive information

You should never leave your important credentials and important information, like confidential data, or intellectual property, in plain sight, aka in plain text. Encrypt your most important documents, and remember always to use strong passwords and enable MFA whenever possible.

5. Use a good antivirus

Antivirus software is always an essential tool in your arsenal. With Intego solution, you can fend off malware, zero-day exploits, ransomware, Trojans, and other online threats. Covering real-time protection and automatic scans, Intego finds malicious behavior before they start infecting your device and wipes it out immediately.

Have you ever been a victim of an online scam related to the COVID topic?

Let me know in the comments below.

Leave a comment

I can’t find a way to contact cyberghost before I purchase. A phone number? An email address? A chat link?


Hi Bo,

You can find the contact details with links here:

You can always reach our support team, available 24/7 via email at or live chat:

Write a comment

Your email address will not be published. Required fields are marked*