In a significant shift, the threat actors associated with the RedLine and Vidar information stealers have adapted their tactics, moving from data theft to ransomware attacks. A recent analysis by Trend Micro reveals that these actors are now employing phishing campaigns to deliver initial payloads signed with Extended Validation (EV) code signing certificates. This strategic shift suggests a more streamlined and multipurpose approach.