December 17, 2023 at 04:52PM
The Rhadamanthys information-stealing malware has recently seen two major releases that add new stealing capabilities, improved evasion, and a plugin system for customization. These updates mark a shift towards a more modular and customizable framework, making it a more formidable tool for cybercriminals.
The developers of Rhadamanthys have been very active, releasing new versions and adding significant improvements. The most recent versions, 0.5.0 and 0.5.1, brought several key changes. Version 0.5.0 introduced a plugin system that allows a higher level of customization, including the new ‘Data Spy’ plugin and improved stub construction. It also enhanced the browser-stealing capabilities, updated the user panel, and modified the Telegram notifications.
Additionally, the XS1 loader unpacks the modules delivered by the C2 server, and the modular design includes both passive and active stealers. Passive stealers monitor applications for the exchange of sensitive data, while active stealers use keylogging, screen capture, and code injection to collect and exfiltrate data. Version 0.5.1 then added further features: a Clipper plugin that modifies clipboard data, new Telegram notification options, the ability to recover deleted Google account cookies, and evasion of Windows Defender.
Overall, Rhadamanthys is evolving rapidly, with each new version adding formidable features. These steady improvements make it an attractive tool for cybercriminals, and it is anticipated that more threat actors may switch to Rhadamanthys as its development progresses.