Insikt Group’s analysis of Rhadamanthys Stealer v0.7.0 reveals its growing capabilities, including AI-powered seed phrase extraction and MSI installer evasion tactics.

A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named
#Atomic #Computer #Info #InfoSec #Information #Information-stealing #Marko #Polo #Rhadamanthys #Security #Stealc #Stealer #malware

What happened  Proofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time researchers observed TA547 use Rhadamanthys,...

A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.

• The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0.
• In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions.
• A new plugin system makes the malware expandable for specific distributor needs.
• The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution).
• Check Point Research (CPR) provides a comprehensive review of the agent modules, presenting their capabilities and implementation, with a focus on how the stealer components are loaded and how they work.