“Operation Magnus” Seized RedLine and META Infostealer Networks

A major law enforcement operation referred to as “Operation Magnus” has compromised infrastructure used by the RedLine and META infostealer malware platforms, both of which have been prominent players in the cybercrime market for stealing sensitive user information.

The news was shared on a dedicated website associated with Operation Magnus, initially found through Telegram channels related to RedLine. The website promises more information in the next 24 hours, potentially unveiling details about the seizure and data obtained by authorities.

RedLine has been operating since 2020 and is known for harvesting a wide range of user credentials, browser-stored data, and cryptocurrency wallets. It is available on underground forums as a Malware-as-a-Service (MaaS), enabling cybercriminals to access subscription-based tools for data theft and resale.

META emerged as a Windows-focused infostealer, marketed for its refined capabilities and operational model. This newer malware is sold with subscription options and focuses heavily on data exfiltration, particularly targeting cryptocurrency wallets, password stores, and browser credentials.

Security researcher “g0njxa” reported that they contacted individuals linked to the META operation, who suggested the takedown might not be complete, indicating that the operators may still have backup resources or redundant servers. More details are expected to be released on the Operation Magnus website.

This infrastructure compromise could signal a significant disruption for both malware operations, which are part of a growing market of infostealers that prioritize stealth and data exploitation. Law enforcement agencies are increasingly targeting such infrastructures to curb the proliferation of cybercrime, though operators often attempt to restore services through alternative servers.

CyberInsider contacted the law enforcement agencies listed on the Operation Magnus webpage and the Telegram channel that handles these communications, and we have been able to confirm the authenticity of the seizures. Further information is set to be released tomorrow.