RedLine Malware Developer Charged in International Operation
The United States has charged Maksim Rudometov, who is suspected of developing and administering RedLine, one of the most notorious malware programs of recent years.
This malware has been used extensively in the cybercriminal underground to steal credentials and financial information and to circumvent two-factor authentication. RedLine was sold on a subscription basis and became one of the most successful info-stealers on the underground market.
The charges are part of the international Operation Magnus, aimed at disrupting the RedLine and Meta malware-as-a-service (MaaS) operations. Through the investigation, law enforcement gained access to the data of victims whose devices were infected with RedLine and Meta. Numerous unique accounts, email addresses, bank details, cryptocurrency wallet addresses, and credit card numbers have been identified. The investigation is ongoing, and the exact volume of stolen data remains unknown.
According to the U.S. Department of Justice, evidence has been gathered showing Rudometov’s direct involvement in creating and managing RedLine. The suspect managed the malware’s infrastructure, owned cryptocurrency accounts where proceeds from RedLine operations were deposited and laundered, and stored copies of the malware.
Rudometov faces charges of access device fraud, conspiracy to hack computer systems, and money laundering, which carry maximum penalties of 10, 5, and 20 years in prison, respectively. If convicted on all charges, Rudometov could face up to 35 years of imprisonment. There is currently no information indicating that Rudometov has been apprehended.
As part of the operation, three servers were seized in the Netherlands, and two domains used to manage the RedLine and Meta platforms were taken down. Two individuals were also detained in Belgium, one of whom turned out to be a customer of the malware platform.
The investigation also uncovered an extensive network of over 1,200 servers across various countries that communicated with central servers in the Netherlands. Furthermore, the RedLine and Meta Telegram channels used to sell the malware have been blocked, temporarily disrupting the distribution of the info-stealers.
Nevertheless, as long as the accused remains at large, the risk that the RedLine infrastructure will be rebuilt and its operations resumed persists.