Date: 2025-10-06

Widely used information-stealing malware Rhadamanthys has been updated with more sophisticated data theft and obfuscation techniques, The Hacker News reports.

Despite retaining its core infrastructure, Rhadamanthys has been improved to include a Lua runner within its stealer module to facilitate the deployment of additional plugins enabling data exfiltration and device and browser fingerprinting, a report from Check Point Research analysts revealed.

Operators of the infostealer, which is offered in three tiers, have also added capabilities that prevent unpacked artifacts from being exposed, in a bid to curb discovery and self-infections, and that keep the malware from executing in a sandboxed environment.

Aside from offering the refreshed Rhadamanthys stealer, operators have also offered the new Elysium Proxy Bot and Crypt Service tools on their website, suggesting a long-term business venture.

"For defenders, this professionalization signals that Rhadamanthys with its growing customer base and an expanding ecosystem is likely here to stay, making it important to track not only its malware updates but also the business infrastructure that sustains it," said Check Point researcher Aleksandra "Hasherezade" Doniec.