![business, computer, software](https://cms.therecord.media/uploads/format_webp/small_mohammad_rahmani_d3_Ysz1zius_M_unsplash_2765cc4f7b.jpg?w=3840)

Image: Mohammad Rahmani via Unsplash

[Daryna Antoniuk](/author/daryna-antoniuk)
December 6th, 2024

Pirated corporate software infects Russian businesses with info-stealing malware
================================================================================

Russian businesses that use unlicensed corporate software have fallen victim to an ongoing information-stealing campaign, researchers have found.

The cybercriminals behind the campaign, which began in January of this year, have been distributing the well-known info-stealer malware [RedLine](https://therecord.media/search-results?term=RedLine) on local online forums frequented by business owners and accountants. They disguise it as a tool designed to bypass licensing requirements for business automation software.

To evade detection by security vendors, the attackers instruct victims to disable antivirus services on their devices, claiming that the pirated software would not work otherwise, according to a new [report](https://securelist.ru/redline-stealer-in-activators-for-business-software/111241/) by Russian cybersecurity firm Kaspersky.

RedLine is sold as a service for criminals on underground forums. It can exfiltrate sensitive information from browsers and messengers or detailed data about an infected system and its users.

Earlier in October, U.S. authorities identified and [charged](https://therecord.media/redline-infostealer-malware-criminal-complaint-maxim-rudometov) a Russian national, Maxim Rudometov, with developing and administering RedLine. In November, international law enforcement took down the infrastructure behind the malware, but it appears that the criminals have found another way to use it.

Kaspersky hasn't attributed this campaign to a particular threat actor and didn't say if the campaign is financially or politically motivated.

"The attackers behind this campaign are clearly interested in gaining access to organizations of Russian-speaking entrepreneurs who use software to automate business processes," researchers said.

Abusing pirated software to infect users is a common tactic among cybercriminals, but Russian users are particularly vulnerable to such attacks. Since Moscow's invasion of Ukraine, many Western companies, including tech giants like Microsoft, have suspended their services in Russia and [revoked](https://therecord.media/microsoft-to-freeze-license-extensions-for-russian-companies) licensing for software already used by Russian businesses.

Kaspersky admitted that disguising malware as a tool to help victims bypass license checks is not uncommon. "However, the fact that they are targeting businesses rather than individual users seems quite unusual," researchers said.

[Daryna Antoniuk](/author/daryna-antoniuk) is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

Blog: The Record