
AI part of substantially updated Rhadamanthys infostealer


Significant upgrades have been introduced in the latest iteration of the Rhadamanthys information-stealing malware, including new artificial intelligence-based optical character recognition that facilitates cryptocurrency wallet seed phrase extraction, according to The Hacker News.

Aside from execution stability enhancements brought about by overhauled client- and server-side frameworks, as well as text extraction improvements, Rhadamanthys version 0.7.0 has also been beefed up with Microsoft Software Installer file execution and installation capabilities aimed at better concealing malicious activity, a report from Recorded Future's Insikt Group researchers revealed. The development comes after Rhadamanthys and other information-stealing payloads, such as StealC and Atomic, were reported by Recorded Future researchers to have been distributed by the Marko Polo cybercrime operation across more than 30 scam campaigns. "Rhadamanthys is a popular choice for cybercriminals. Coupled with its rapid development and innovative new features, it is a formidable threat all organizations should be aware of," the researchers said.

