AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced security mechanisms like app-bound encryption. Furthermore, information stealers like Atomic, Rhadamanthys, and StealC have been at the heart of over 30 scam campaigns orchestrated by a cybercrime gang known as Marko Polo to conduct cryptocurrency theft across platforms by impersonating legitimate brands in online gaming, virtual meetings and productivity software, and cryptocurrency. "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in cryptocurrencies," Recorded Future's Insikt Group said in an analysis of version 0.7.0 of the malware. This includes system information, credentials, cryptocurrency wallets, browser passwords, cookies, and data stored in various applications, while simultaneously taking steps to complicate analysis efforts within sandboxed environments. These ongoing updates also follow the discovery of new drive-by download campaigns that deliver information stealers by tricking users into manually copying and executing PowerShell code to prove they are human by means of a deceptive CAPTCHA verification page. Phishing and malvertising campaigns have also been observed distributing Atomic macOS Stealer (AMOS), Rilide, as well as a new variant of a stealer malware called Snake Keylogger (aka 404 Keylogger or KrakenKeylogger). As part of the campaign, users searching for video streaming services on Google are redirected to malicious URL that urges them to press the Windows button + R to launch the Run menu, paste an encoded PowerShell command, and execute it, according to CloudSEK, eSentire, Palo Alto Networks Unit 42, and Secureworks. First discovered in the wild in September 2022, Rhadamanthys has emerged as one of the most potent information stealers that are advertised under the malware-as-a-service (MaaS) model, alongside Lumma and others. The cybersecurity company, which is set to be acquired by Mastercard for $2.65 billion, said the stealer is sold on a subscription basis for $250 per month (or $550 for 90 days), allowing its customers to harvest a wide range of sensitive information from compromised hosts. On top of that, the developers behind the WhiteSnake Stealer have added the ability to extract CVC codes from credit cards stored in Chrome, highlighting the ever-evolving nature of the malware landscape. The attack, which ultimately delivers stealers such as Lumma, StealC, and Vidar, is a variant of the ClickFix campaign documented in recent months by ReliaQuest, Proofpoint, McAfee Labs, and Trellix. The malware continues to have an active presence despite suffering bans from underground forums like Exploit and XSS for targeting entities within Russia and the former Soviet Union, with its developer, who goes by the name "kingcrete" (aka "kingcrete2022"), finding ways to market the new versions on Telegram, Jabber, and TOX. Researchers have identified an Amadey malware campaign that deploys an AutoIt script, which then launches the victim's browser in kiosk mode to force them to enter their Google account credentials.

This Cyber News was published on thehackernews.com. Publication date: Tue, 01 Oct 2024 17:13:05 +0000


Cyber News related to AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

New Rhadamanthys stealer version enhances features, evasion - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
Does Your App Accept Digital Wallets? - Digital wallets are electronic systems that securely store payment information digitally. Digital wallets are designed for convenience and often include security features to protect your financial data. How Digital Wallets Function Digital wallets ...
1 year ago Feeds.dzone.com
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition - Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced ...
2 months ago Thehackernews.com
Unveiling the New Threats: Rhadamanthys v0.5.0 A Research Overview by Check Point Research - Key Insights: The Evolving Threat: The Rhadamanthys stealer, a multi-layered malware, is now available in its latest iteration, version 0.5.0, enhancing its capabilities and introducing new spying functions. Check Point Research's Expert Analysis: ...
1 year ago Blog.checkpoint.com
Rhadamanthys information stealer introduces AI-driven capabilities - The malware allows operators to harvest a broad range of information, including system information, credentials, cryptocurrency wallets, browser passwords, cookies, and data stored in various applications. “This allows Rhadamanthys to extract ...
2 months ago Securityaffairs.com
'Ov3r Stealer' Malware Spreads Through Facebook to Steal Crates of Info - The malware by design exfiltrates specific types of data such as geolocation, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information, according ...
10 months ago Darkreading.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com
The Week in Ransomware - January 20th, 2023 Crypto Exchanges Under Attack - The week of January 20th, 2023 brought yet another wave of ransomware attacks targeting crypto exchanges. Crypto exchanges all around the world have been hit by a barrage of sophisticated and well-planned ransomware campaigns. From high-profile ...
1 year ago Bleepingcomputer.com
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human's Satori Threat Intelligence Team said it has uncovered the new build of ...
1 year ago Infosecurity-magazine.com
Fake Browser Updates Targeting Mac Systems With Infostealer - A widely popular social engineering campaign previously only targeting Windows systems has expanded and is now using fake browser updates to distribute Atomic Stealer, a dangerous information stealer, to macOS systems. Experts say this could be the ...
1 year ago Darkreading.com
Facebook ads push new Ov3r Stealer password-stealing malware - A new password-stealing malware named Ov3r Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. The fake job ads are for management positions and lead users to a Discord URL where a ...
10 months ago Bleepingcomputer.com
Windows SmartScreen flaw exploited to drop Phemedrone malware - A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability to bypass Windows security prompts when opening URL files. Phemedrone is a new open-source info-stealer malware that harvests data stored in ...
11 months ago Bleepingcomputer.com
Android/SpyNote Moves to Crypto Currencies - Affected Platform: AndroidImpacted Users: Android users with mobile crypto wallet or banking applicationsImpact: Financial LossSeverity Level: Medium. It has grown into one of the most common families of malware for Android, with multiple samples, ...
10 months ago Feeds.fortinet.com
FTC's Rite Aid Ruling Rightly Renews Scrutiny of Face Recognition - The Federal Trade Commission on Tuesday announced action against the pharmacy chain Rite Aid for its use of face recognition technology in hundreds of stores. The regulator found that Rite Aid deployed a massive, error-riddled surveillance program, ...
1 year ago Eff.org
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges - A new Golang-based information stealer malware, dubbed Titan Stealer, is being advertised by threat actors through their Telegram channel. Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi first documented the malware in ...
1 year ago Thehackernews.com
Serpent Stealer Acquire Browser Passwords and Erases Logs - Beneath the surface of the cyber realm, a silent menace emerges-crafted with the precision of the. NET framework, the Serpent Stealer slithers undetected through security measures, leaving traces of its intrusion. It can also steal sensitive data, ...
1 year ago Gbhackers.com
5 Critical Steps to Prepare for AI-Powered Malware in Your Connected Asset Ecosystem - Voice synthesis has already been used in a few fake kidnap extortion attempts and possibly in one or two Business Email Compromise attacks as well, but that's about it. AI-powered malware represents a new frontier in the ever-expanding portfolio of ...
1 year ago Securityweek.com
Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
11 months ago Feeds.fortinet.com
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
11 months ago Bleepingcomputer.com
MacOS info-stealers quickly evolve to evade XProtect detection - Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. A report by SentinelOne highlights the problem through three ...
11 months ago Bleepingcomputer.com
MrAnon Stealer Propagates via Email with Fake Hotel Booking PDF - FortiGuard Labs cybersecurity experts have discovered a sophisticated email phishing scheme that uses fraudulent hotel reservations to target unsuspecting victims. The phishing campaign involves the deployment of an infected PDF file, which sets off ...
1 year ago Cysecurity.news
Multi-layer Malware Sold on The Dark Web - Threat actors make use of fast-evolving multi-layer malware for their complexity and sophistication, as they offer the ability to rapidly adapt and change their code. To make analysis and countermeasures more difficult, this sophisticated type of ...
1 year ago Cybersecuritynews.com
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
11 months ago Bleepingcomputer.com
Navigating the Perilous Waters of Crypto Phishing Attacks - Key Highlights: Check Point Research Unveils Rise in Sophisticated Crypto Phishing: An investigation reveals an alarming increase in advanced phishing schemes targeting a variety of blockchain networks, employing wallet-draining techniques. ...
11 months ago Blog.checkpoint.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)