Don’t open that ‘copyright infringement’ email attachment – it’s an infostealer

November 7, 2024 at 05:26PM
Organizations should be wary of phishing emails falsely claiming copyright infringement, which deploy the Rhadamanthys malware. The campaign uses AI for automation, targeting various countries. Attackers aim to steal sensitive data, including cryptocurrency wallet seed phrases, indicating a financially motivated effort by lower-level cybercriminals rather than state-sponsored groups. …

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

November 7, 2024 at 05:04AM
A phishing campaign named CopyRh(ight)adamantys is exploiting copyright themes to distribute the Rhadamanthys information stealer across various global regions. The attackers impersonate well-known companies and use sophisticated methods, including AI for targeted spear-phishing. Additionally, the SteelFox malware, posing as legitimate software, targets users worldwide through malicious links and data theft. …

Fake Copyright Infringement Emails Spread Rhadamanthys

November 6, 2024 at 05:56PM
Check Point Research has tracked a spear-phishing campaign, “CopyRh(ight)adamantys,” targeting hundreds of companies globally with emails claiming copyright infringement. The emails deliver the sophisticated infostealer Rhadamanthys, capable of stealing sensitive data. Attackers use automation to send these messages, often impersonating known brands in technology and entertainment industries. …

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

October 1, 2024 at 12:51PM
The Rhadamanthys information stealer has incorporated AI for optical character recognition, enabling it to extract cryptocurrency wallet seed phrases from images and sell the sensitive information for $250 per month. Despite facing bans, the malicious software continues to evolve, releasing a new version in June 2024 with enhanced features to …

Malicious PowerShell script pushing malware looks AI-written

April 10, 2024 at 12:19PM
Adversaries are utilizing AI-generated PowerShell scripts, likely produced using OpenAI’s ChatGPT, Google’s Gemini, or Microsoft’s Copilot, to execute attacks such as the distribution of the Rhadamanthys information stealer. This marks a concerning trend of threat actors applying AI for malicious activities, prompting concerns about the potential impact on cybersecurity and …

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

April 5, 2024 at 06:33AM
Bogus Adobe Acrobat Reader installers are distributing a new multi-functional malware called Byakugan. The attack begins with a PDF file in Portuguese prompting the victim to download the Reader application. Clicking the link leads to the installation of the malware, which leverages various techniques to deploy its payload and gather …

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

April 4, 2024 at 12:15PM
Rhadamanthys, an information-stealing malware, is being used in phishing campaigns targeting the oil and gas sector. The phishing emails use a unique lure, claiming to be from the Federal Bureau of Transportation. This campaign appears to be an evolution of the malware, possibly linked to the LockBit ransomware group. Additionally, …

Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges

December 18, 2023 at 09:39AM
Developers continue to enhance Rhadamanthys malware, broadening its capabilities and incorporating a plugin system for customization. Deployed through malicious sites, the malware harvests sensitive information from compromised hosts. Check Point’s analysis reveals its evolution into a potent threat, with a new plugin system allowing customized deployment. Similar to Rhadamanthys, AsyncRAT …

Rhadamanthys Stealer malware evolves with more powerful features

December 17, 2023 at 04:52PM
The Rhadamanthys information-stealing malware has recently released two major versions with added improvements, such as new stealing capabilities, enhanced evasion, and a new plugin system for customization. These updates indicate a shift towards a more modular and customizable framework, making it a more formidable tool for cybercriminals. From the meeting …

New Rhadamanthys stealer version enhances features, evasion

December 17, 2023 at 04:44PM
The developers of Rhadamanthys malware have released two major versions, enhancing its information-stealing capabilities. Sold via subscription, it’s distributed through various channels. Check Point’s analysis of version 0.5.0 revealed a new plugin system, improved stub construction, and targeted crypto apps. Version 0.5.1 introduces a new Clipper plugin and other advanced …