A threat actor known as "Redlogs" distributed an infostealer (most likely a variant of a commodity stealer such as RedLine or Raccoon Stealer, although the family cannot be confirmed from the archive name alone) hidden inside fake software cracks on torrent sites. Over the course of a month, 9,000 unsuspecting users downloaded the file, allowing the malware to harvest their browser data and saved credentials.
The stolen data was automatically sent to a command-and-control server. The attacker compiled the resulting logs into a single compressed RAR file named "9k LOGS @Redlogsx1.rar". The filename is a signature: the "@Redlogsx1" handle brands the bundle as Redlogs' work, advertising it for sale or trade on dark web forums.
The RAR file appeared on a Telegram channel or a dark web marketplace, listed for a few hundred dollars. The listing promised "fresh logs," "high-value banking targets," and "USA/EU traffic."
A buyer purchased the file. Within hours, they used automated tools to parse and sort the 9,000 logs, hijacking social media accounts, draining cryptocurrency wallets, and purchasing goods with saved credit cards, turning the stolen "9k LOGS" into immediate illicit profit.