A coalition of international law enforcement agencies on Tuesday dismantled two prolific infostealers responsible for stealing sensitive data from millions worldwide.
The operation, codenamed Magnus, concluded after a year-long investigation that granted authorities “full access” to servers used by the RedLine and Meta infostealers, according to the EU Agency for Criminal Justice Cooperation (Eurojust).
The October 28 takedown targeted three servers in the Netherlands that were crucial to the malware’s operation. Authorities also seized two domains associated with the scheme, exposing the scope of the network that spanned over 1,200 servers across multiple countries. More than five nations collaborated in the investigation to neutralize the criminal infrastructure behind the scheme.
RedLine, one of the most widespread strains of infostealer malware, has been active since 2020. A recent report identified it as a key tool that criminal organizations use to steal data from hundreds of millions of individuals.
Authorities recovered a database listing thousands of clients linked to RedLine and Meta. In the U.S., one alleged administrator, identified as Maxim Rudometov, has been charged with access device fraud, conspiracy to commit computer intrusion, and money laundering. Prosecutors allege that Rudometov managed RedLine’s infrastructure, controlled cryptocurrency accounts to receive and launder payments, and possessed RedLine malware. The charges carry maximum prison terms of 10, 5, and 20 years, respectively.
Two additional suspects, believed to be customers of the malware, were detained in Belgium.
Authorities clarified that the "Meta" name used by one of the infostealer platforms is unrelated to Meta, the California-based parent company of Facebook, Instagram, and WhatsApp.