Data-Stealing Spyware Redpill Back, Targeting India

A form of spyware first seen in 2008 and known for siphoning away users’ bank account credentials, emails, screenshots and various other bits of information has surfaced again – this time targeting computer users in India.

Nicknamed Redpill, a reference to a plot device used in The Matrix films, the spyware comes disguised as an email attachment.

According to Symantec, which wrote about the malware today on its Security Response blog, once opened, the malicious attachment appears to extract itself and then fools the user into thinking the file is corrupted. This is just a diversion: while the user is distracted, the malware is installing itself, dropping malicious .DLL and .EXE files on the machine.

From there, the user’s keystrokes are recorded and screenshots are taken. That information is then emailed to the attacker’s email address, which is “hardcoded into the program.” Symantec claims the address received over 12,000 emails last month, which would suggest the campaign has been a success in the country.
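The exfiltration pattern described above, one hardcoded outside mailbox collecting keylog and screenshot mail from every infected machine, leaves a recognisable trace in an organisation's outbound mail logs: a single external recipient fed by many internal hosts, almost always with an attachment. The following detection sketch is an added example, not code from the article or from Symantec; the log format, host names, addresses and thresholds are constructed for illustration and would need to be adapted to a real MTA's log format.

```python
"""Flag external mailboxes that receive attachment-heavy mail from many internal hosts.

Added example, not from the article or Symantec. The log format, host names and
addresses below are constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed outbound-mail log format (not a real MTA's format):
# <timestamp> host=<internal host> from=<sender> to=<recipient> size=<bytes> attachments=<n>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) "
    r"size=(?P<size>\d+) attachments=(?P<att>\d+)$"
)


@dataclass
class RecipientStats:
    messages: int = 0
    hosts: set = field(default_factory=set)
    with_attachments: int = 0
    bytes_total: int = 0


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def aggregate(lines, internal_domain):
    """Collect per-recipient statistics for mail that leaves the organisation."""
    stats = defaultdict(RecipientStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort the whole run
        rcpt = rec["rcpt"].lower()
        if rcpt.endswith("@" + internal_domain):
            continue  # internal-to-internal mail cannot be delivery to an outside drop box
        s = stats[rcpt]
        s.messages += 1
        s.hosts.add(rec["host"])
        s.bytes_total += int(rec["size"])
        if int(rec["att"]) > 0:
            s.with_attachments += 1
    return stats


def flag_suspicious(stats, min_messages=5, min_hosts=3, min_attachment_ratio=0.8):
    """One outside address fed by several hosts, mostly with attachments, matches the
    footprint a stealer that mails keylogs and screenshots to one fixed mailbox leaves.
    Thresholds are constructed starting points, not tuned values."""
    flagged = {}
    for rcpt, s in stats.items():
        ratio = s.with_attachments / s.messages if s.messages else 0.0
        if (s.messages >= min_messages and len(s.hosts) >= min_hosts
                and ratio >= min_attachment_ratio):
            flagged[rcpt] = {
                "messages": s.messages,
                "hosts": len(s.hosts),
                "attachment_ratio": round(ratio, 2),
            }
    return flagged


# Constructed sample log: three workstations each mailing the same outside address,
# one ordinary message to a business partner, one internal message, one garbage line.
SAMPLE_LOG = [
    "2013-06-10T09:00:01 host=ws-01.corp.example from=a.user@corp.example to=drop@example.net size=48211 attachments=1",
    "2013-06-10T09:00:31 host=ws-01.corp.example from=a.user@corp.example to=drop@example.net size=50102 attachments=1",
    "2013-06-10T09:01:05 host=ws-02.corp.example from=b.user@corp.example to=drop@example.net size=47730 attachments=1",
    "2013-06-10T09:01:40 host=ws-03.corp.example from=c.user@corp.example to=drop@example.net size=49915 attachments=1",
    "2013-06-10T09:02:12 host=ws-02.corp.example from=b.user@corp.example to=drop@example.net size=51008 attachments=1",
    "2013-06-10T09:02:44 host=ws-03.corp.example from=c.user@corp.example to=drop@example.net size=2310 attachments=0",
    "2013-06-10T09:03:00 host=ws-01.corp.example from=a.user@corp.example to=partner@example.org size=3120 attachments=0",
    "2013-06-10T09:03:10 host=ws-01.corp.example from=a.user@corp.example to=d.user@corp.example size=1200 attachments=1",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for rcpt, info in flag_suspicious(aggregate(SAMPLE_LOG, "corp.example")).items():
        print(f"suspicious recipient {rcpt}: {info}")
```

The heuristic deliberately keys on the recipient rather than on the sender or on message content, because the stealer's sending identity varies with each infected host while the collection address stays fixed. Legitimate shared external recipients (a ticketing system, a printer vendor) will also trip it, so the output is a triage list to review against an allowlist, not a verdict.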

Symantec notes that when it was initially developed Redpill was “designed to collect information for people wishing to know if their partner had been cheating on them.” It’s clear that five years later, the objectives of the creators of the spyware have changed and that it’s likely this information isn’t being used to determine partners’ infidelity.

Symantec has more on Redpill at Security Response.