Omicron Stats.exe follows the pattern of earlier variants, exploiting the global concern over the Omicron variant of COVID-19
FortiGuard Labs recently uncovered a malicious file named “Omicron Stats.exe”, which turned out to be a variant of the RedLine Stealer malware. Earlier RedLine Stealer variants were known to be distributed in COVID-19-themed emails used to lure victims. The file name of this variant, “Omicron Stats.exe”, exploits the fact that the Omicron variant has become a global concern, following the same approach as its predecessors.
How does Omicron Stats.exe work?
According to the OSINT information collected and analyzed by FortiGuard Labs, RedLine Stealer works as follows. Its victims are users who, often without thinking about it, let their browser save account passwords and other profile data. Once a system is infected, the malware harvests that stored information and sends it to its operators.
Each browser profile can hold login credentials for accounts on online payment portals, e-banking services, file sharing and social networking platforms. RedLine collects this information from the browsers installed on the compromised machine, including all Chromium-based browsers and all Gecko-based (i.e. Mozilla Firefox) browsers.
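The article does not describe how a defender would spot this behaviour, so the following is an added detection example, not FortiGuard's analysis or any RedLine code. It assumes file-access events in a simple `key=value|key=value` form (a constructed format for this example) and flags any process other than a known browser that reads the well-known Chromium (`Login Data`, `Web Data`, `Cookies`) or Gecko (`logins.json`, `key4.db`, `cookies.sqlite`) credential stores. The process allow-list and the sample events are assumptions made up for the example.

```python
from collections import namedtuple

# Credential and cookie stores that browser-targeting stealers read.
# These are the default file names for Chromium- and Gecko-based browsers;
# the list is an assumption for this example, not taken from the article.
CHROMIUM_STORES = ("\\login data", "\\web data", "\\cookies")
GECKO_STORES = ("\\logins.json", "\\key4.db", "\\cookies.sqlite")

# Processes that legitimately open their own credential stores (assumed allow-list).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}

Event = namedtuple("Event", "process target")


def parse_line(line):
    """Parse one constructed 'Image=...|TargetFilename=...' event into an Event."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return Event(fields["Image"], fields["TargetFilename"])


def is_credential_store(path):
    """True if the path ends with a known Chromium or Gecko credential/cookie store."""
    p = path.lower()
    return p.endswith(CHROMIUM_STORES) or p.endswith(GECKO_STORES)


def suspicious_access(events):
    """Return events where a non-browser process reads a browser credential store."""
    hits = []
    for e in events:
        proc = e.process.rsplit("\\", 1)[-1].lower()
        if is_credential_store(e.target) and proc not in BROWSER_PROCESSES:
            hits.append(e)
    return hits


# Constructed sample events: one legitimate browser read, two reads by the
# stealer sample, and one unrelated file access.
SAMPLE_LINES = [
    r"Image=C:\Program Files\Google\Chrome\Application\chrome.exe"
    r"|TargetFilename=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"Image=C:\Users\alice\Downloads\Omicron Stats.exe"
    r"|TargetFilename=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"Image=C:\Users\alice\Downloads\Omicron Stats.exe"
    r"|TargetFilename=C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default-release\logins.json",
    r"Image=C:\Windows\explorer.exe"
    r"|TargetFilename=C:\Users\alice\Documents\report.docx",
]


def scan(lines):
    """Parse raw lines and return the suspicious accesses found."""
    return suspicious_access(parse_line(l) for l in lines)


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(f"ALERT: {hit.process} read {hit.target}")
```

In a real deployment the same logic would be fed from Windows object-access auditing or an EDR file-read telemetry source; the point of the rule is that only the browser itself should ever open its own credential store, so any other image touching those files is worth an alert regardless of the file name it was dropped under.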
Potential victims in 12 countries, with email as the likely infection vector
This latest variant continues to perform all of these functions, but adds further changes and improvements. Although FortiGuard Labs could not identify the infection vector for this particular sample, it believes the malware was distributed via email.
Earlier RedLine Stealer variants were delivered in COVID-19-themed emails used to lure victims, and the file name “Omicron Stats.exe” reuses that lure, now built around the Omicron variant.
Because the malware was embedded in a document designed to be opened by the victim, FortiGuard Labs concluded that email was the infection vector for this variant as well. Information gathered by FortiGuard Labs shows that potential victims of this RedLine Stealer variant are spread across 12 countries.