We’re aware of an active RedLine malware campaign that uses news about the COVID-19 Omicron variant as its lure. We believe it is most likely distributed by email, and we recommend that schools and their IT providers check for suspicious email activity relating to Omicron, in particular messages on that theme that carry attachments.
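One way to run that check over exported messages, as an added example that is not part of the advisory and not code from the advisory's authors: the script below parses .eml-style messages, looks for Omicron-themed text in the Subject or body, and rates each hit by whether it also carries an attachment type that can deliver a stealer. The lure keyword, the extension list and the three sample messages are constructed assumptions for illustration, not indicators published with this advisory.

```python
"""
Added triage example (not the advisory's own code): flag mail that combines
Omicron-themed text with an attachment type that can carry a stealer.
The keyword, extension list and sample messages are assumptions.
"""
import email
import email.policy
import re
from dataclasses import dataclass
from email.message import EmailMessage
from typing import List, Optional

# Lure text to look for in the Subject and body (assumption: the campaign theme).
LURE = re.compile(r"\bomicron\b", re.IGNORECASE)

# Attachment types commonly used to deliver infostealers (assumption; tune to taste).
RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                    ".vbs", ".wsf", ".hta", ".lnk", ".iso", ".img", ".zip", ".rar", ".7z")


@dataclass
class Finding:
    sender: str
    subject: str
    attachments: List[str]
    risky_attachments: List[str]
    severity: str  # "high": lure text plus risky attachment; "low": lure text only


def attachment_names(msg: EmailMessage) -> List[str]:
    """Return the filenames of every MIME part that carries one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def triage_message(raw: str) -> Optional[Finding]:
    """Parse one RFC 5322 message and return a Finding if it uses the Omicron lure."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    subject = str(msg.get("Subject", ""))
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body_text = body_part.get_content() if body_part is not None else ""
    if not (LURE.search(subject) or LURE.search(body_text)):
        return None
    attachments = attachment_names(msg)
    # Double extensions such as report.pdf.exe are caught by the suffix check.
    risky = [a for a in attachments if a.lower().endswith(RISKY_EXTENSIONS)]
    return Finding(
        sender=str(msg.get("From", "")),
        subject=subject,
        attachments=attachments,
        risky_attachments=risky,
        severity="high" if risky else "low",
    )


def triage_mailbox(raw_messages: List[str]) -> List[Finding]:
    """Triage a batch of raw messages, most suspicious first."""
    findings = [f for f in map(triage_message, raw_messages) if f is not None]
    findings.sort(key=lambda f: f.severity != "high")
    return findings


def _build_sample(sender: str, subject: str, body: str, attachment=None) -> str:
    """Construct a sample .eml string (test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "office@school.example"
    m["Subject"] = subject
    m.set_content(body)
    if attachment is not None:
        name, maintype, subtype, payload = attachment
        m.add_attachment(payload, maintype=maintype, subtype=subtype, filename=name)
    return m.as_string()


# Constructed samples: an Omicron lure with an executable, a plausible notice
# with a PDF, and an unrelated message with an archive.
SAMPLE_MESSAGES = [
    _build_sample("health-update@example.net", "Omicron variant: latest statistics",
                  "Please open the attached Omicron report.",
                  ("omicron_report.exe", "application", "octet-stream", b"MZ\x90\x00" + b"\x00" * 16)),
    _build_sample("comms@ministry.example", "Omicron guidance for schools",
                  "See the attached guidance (PDF).",
                  ("guidance.pdf", "application", "pdf", b"%PDF-1.4 sample")),
    _build_sample("finance@school.example", "Invoices for November",
                  "Attached are this month's invoices.",
                  ("invoices.zip", "application", "zip", b"PK\x03\x04")),
]

if __name__ == "__main__":
    for f in triage_mailbox(SAMPLE_MESSAGES):
        print(f"[{f.severity.upper()}] from={f.sender!r} subject={f.subject!r} "
              f"risky={f.risky_attachments} all={f.attachments}")
```

Feed it the .eml files exported from a mail gateway or quarantine and review the "high" findings first; a "low" finding is ordinary Omicron news and only needs a glance at who sent it. Archive attachments are rated risky because the executable is often inside a ZIP rather than attached directly.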

RedLine is a widely used information stealer: it harvests credentials and other data saved on an infected machine and sends them to a server the attacker controls. The variant in this campaign also steals stored credentials for VPN clients such as NordVPN, OpenVPN and ProtonVPN. A stolen VPN login can be used to reach school or staff resources remotely, so if an infection is confirmed, reset those VPN passwords along with any other passwords saved on the affected device.

To minimise risk to schools we’ve blocked the IP address of a server associated with the malware. We’re contacting directly any schools we believe have been affected. If you have any questions, or you find something suspicious, please contact us on 0800 LEARNING.

You can find more information at the links below:

1. https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer

2. https://www.zdnet.com/article/fortinet-warns-of-cybercriminals-using-omicron-variant-news-to-distribute-redline-stealer/