In the domain of cybersecurity and fraud threats, three powerful families of info-stealing malware command attention: RedLine, Raccoon, and Vidar. These notable actors excel in the art of data theft and cyber espionage, casting their impact across both individuals and global organizations. In this discourse, I will uncover the essence of these malware clans and their critical implications for cybersecurity.

RedLine: The Master of Cyber Espionage

RedLine is known for its complexity and ability to adapt, making it a top choice for cyber espionage. It excels in staying persistent, monitoring networks, and being flexible, making it perfect for targeted attacks with data theft as the main goal.

When discussing Redline, it’s crucial to highlight the evolution of Anubis. Originally designed as a banking trojan focused on Android devices, Anubis has undergone significant transformations over time. These enhancements have expanded its capabilities to include remote access trojan (RAT) functionalities, keylogging, audio recording, and even ransomware features. This evolution marked the initial phase of Redline’s journey into the realm of advanced cyber threats.

Raccoon: The Sneaky Data Thief

Raccoon may seem easy to use, but it’s a powerful tool. This type of malware is good at stealing things like usernames, passwords, and credit card info. Its ability to do a lot of different things, which makes it even more dangerous.

Vidar: Quietly Harvesting Data at Scale

Stealthy and sophisticated, Vidar is dedicated to data collection. Employing methods that are difficult to find,  it silently siphons sensitive information, ranging from login credentials to cryptocurrency wallets.

According to The Hacker News, the alarming breadth of these info-stealing malware families is brought to the forefront. An intricate and sturdy infrastructure, spanning over 250 domains, has been operational since early 2020. This extensive network shoulders the responsibility of disseminating notorious malware like Raccoon and Vidar, underscoring the magnitude of their global impact.

Organizations and individuals must remain vigilant while reinforcing their security defenses, as this stance is crucial in effectively preventing the threats posed by these info-stealing threats.

The Role of Outseer FraudAction

In 2022, digital advertising platforms, such as Google ads, became an increasingly popular medium for fraudsters to propagate phishing and malware campaigns. According to our H1 2023 Fraud Attack Distribution analysis, there has been a notable shift in the threat landscape. The data reveals that Trojan Horse attacks, which accounted for just 5% in 2022, have experienced a significant surge, now constituting 11% of the observed attacks.

Victims encountered bogus ads on search engines and various websites, masquerading as legitimate content. These ads lured victims into interactions such as clicking, credential entries, phone number contacts, or malware downloads. The accessibility and cost-effectiveness of creating fraudulent ads made digital ad platforms an attractive vector for criminal activities.

As the threat landscape evolves, so do the countermeasures to combat it. You will find that Outseer FraudAction, is a strong and effective  protection against the ever-growing threat of info-stealing malware. FraudAction stands as an all-encompassing threat intelligence and anti-fraud solution, providing real-time detection, analysis, and mitigation of fraudulent activities across diverse channels.

Credential Recovery by Outseer FraudAction

  • Advanced Detection: FraudAction employs advanced algorithms and machine learning to unearth emerging threats and patterns associated with info-stealing malware. This facilitates proactive identification of compromised credentials.
  • Enhanced Cyber Intelligence: Through our intelligence feeds, FraudAction promptly notifies organizations when their users’ credentials resurface in the dark web and various channels, empowering organizations to respond swiftly and decisively to safeguard their digital assets and protect their brand’s integrity.
  • Incident Response: In the unfortunate event of a data breach, FraudAction provides actionable insights and support to mitigate the fallout. It assists in identifying affected users, gauging the extent of the breach, and guiding recovery endeavors.
  • Automated Takedown: FraudAction works to erase stolen credentials from online marketplaces and forums, curtailing the potential harm inflicted by cybercriminals.

The shadow of info-stealing malware remains a perpetual presence, demanding unwavering vigilance and established solutions. As cyber malefactors persist in constantly evolving tactics, staying well-informed and prepared is paramount. Outseer FraudAction’s comprehensive approach to threat intelligence and credential safeguarding stands resolute against the threat of info-stealing malware, aiding individuals and organizations in protecting their sensitive data in an increasingly digitized world.


The digital battleground is evolving. Info-stealing malware like RedLine, Raccoon, and Vidar are on the rise and their tactics? More sophisticated than ever.

Our webinar fosters an open conversation where your insights and questions shape the discussion.

  • Unmask the latest tactics of dominant malware families.
  • Arm your organization with actionable insights to fortify your digital fortress.
  • Real-time Q&A: Got queries or concerns? Our FraudAction experts are eager to address them live.

Shani Elkabetz

Senior Cyber Threat Intelligence Researcher

Shani is a Senior Cyber Threat Intelligence Researcher in Outseer’s FraudAction Services. Drawing from her extensive background in the field, Shani harnesses her expertise in intelligence cyber security to meticulously conduct targeted research based on open and dark web sources. Her objective is to uncover fraudulent activities and identify potential cyber threats, thereby safeguarding the security of Outseer’s customers.