- The Rhadamanthys stealer is multi-layer malware that is sold on the black market and frequently updated. Recently the author released a new major version, 0.5.0.
- In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions.
- A new plugin system makes the malware expandable for specific distributor needs.
- The custom executable formats used for modules have not changed since our last publication (the XS1 and XS2 formats are still in distribution).
- Check Point Research (CPR) provides a comprehensive review of the agent modules, presenting their capabilities and implementation, with a focus on how the stealer components are loaded and how they work.