In the fall of 2022, more than 50 phishing sites appeared on the network that distribute the MSI Afterburner video card overclocking program infected with the RedLine virus. This was learned from a new report by information security experts from Cyble company.

Attackers download the installer of the above-mentioned program to malicious sites. When activated, both a legitimate utility for overclocking video cards and the RedLine virus are downloaded to the computer. The specialty of this malware is stealing logins and passwords from various Internet services, as well as stealth mining of the Monero cryptocurrency.

RedLine differs from other miners by its high “gluttony” – during operation, the virus tries to use all available computing power. At the same time, RedLine starts mining cryptocurrencies just 60 minutes after launch for masking purposes.

Another trick of RedLine is that it can block a number of system programs that potentially allow the victim to detect malware. The virus specifically blocks task managers, antivirus software, as well as utilities for monitoring the load on various PC components.

Due to the listed features, RedLine is currently poorly detected by antiviruses. Cyble noted that, according to aggregator TotalVirus, RedLine was able to recognize only three of the 56 currently known security tools.