December 17, 2023 at 04:44PM
The developers of Rhadamanthys malware have released two major versions, enhancing its information-stealing capabilities. Sold via subscription, it is distributed through various channels. Check Point's analysis of version 0.5.0 revealed a new plugin system, improved stub construction, and targeting of crypto apps. Version 0.5.1 introduces a new Clipper plugin and other advanced features. The malware's rapid development makes it increasingly formidable.
The key takeaways are:
1. The developers of the Rhadamanthys information-stealing malware have released two major versions, 0.5.0 and 0.5.1, to add significant improvements and enhancements to its capabilities.
2. Version 0.5.0 introduced a new plugin system that allows higher levels of customization for specific distribution needs, along with improvements in stub construction, client execution process, and targeting of cryptocurrency wallets.
3. Check Point’s analysis of Rhadamanthys version 0.5.0 revealed the addition of new modules focused on evasion, passive stealers, and active stealers targeting various applications.
4. Version 0.5.1 of Rhadamanthys introduced a new Clipper plugin, Telegram notification options for exfiltration of wallet crack and seed, the ability to recover deleted Google Account cookies, and the ability to evade Windows Defender.
5. The development of Rhadamanthys is progressing rapidly, with each new version incorporating features that make the tool more formidable and attractive to cybercriminals. This rapid development may lead to threat actors switching to Rhadamanthys as its capabilities evolve.
These takeaways highlight the evolving sophistication and threat posed by the Rhadamanthys malware, as well as the need for proactive measures to counter its capabilities.