New Rhadamanthys stealer version enhances features, evasion

The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion.
Rhadamanthys is a C++ information stealer that first emerged in August 2022, targeting email, FTP, and online banking service account credentials.
The stealer is sold to cybercriminals via a subscription model, so it is distributed to targets using a variety of channels, including malvertizing, laced torrent downloads, emails, YouTube videos, and more.
Although it initially didn't receive much attention in the crowded info-stealers market, Rhadamanthys continued to improve, building upon its modular nature to add new features as needed.
Researchers at Check Point have looked into the two latest versions of Rhadamanthys and reported the addition of numerous changes and features that expand its stealing capabilities and spying functions.
Check Point analyzed Rhadamanthys version 0.5.0 and reports that it introduced a new plugin system that allows higher levels of customization for specific distribution needs.
The new plugin system indicates a shift towards a more modular and customizable framework as it allows threat actors to deploy plugins tailored to their targets, counteracting security measures identified during recon stages or exploiting specific vulnerabilities.
A plugin bundled with Rhadamanthys is 'Data Spy,' which can monitor for successful login attempts to RDP and capture the victim's credentials.
Other notable improvements include enhanced data stealing from browsers, updated search settings on the user panel, and an option to modify Telegram notifications.
Further analysis revealed the existence of the following modules loaded by XS1, five of which are new in Rhadamanthys version 0.5.0 and focus on evasion.
The XS1 loader unpacks those modules and establishes communication with the C2 server, from where it receives and launches additional modules, including passive and active stealers.
Passive stealers are less intrusive info-stealing components that search through directories, monitor applications for sensitive data exchange, user entries, etc.
Active stealers are more invasive and involve keylogging, screen capturing, and code injection into running processes to exfiltrate as much data as possible.
While Check Point's analysis of version 0.5.0, Rhadamanthys operators released version 0.5.1, which is a sign of very active development.
Check Point didn't have the chance to dive deep into the new version of the info-stealer, but the new features announced by the cybercriminals are impressive, even if not confirmed yet.
New Clipper plugin, that modifies clipboard data to divert crypto payments to the attacker.
The development of Rhadamanthys is moving quickly, with each new version adding features that make the tool more formidable and more inviting to cybercriminals.
It would not be surprising to find threat actors switching to Rhadamanthys as its development evolves.
Atomic Stealer malware strikes macOS via fake browser updates.
Lumma Stealer malware now uses trigonometry to evade detection.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 17 Dec 2023 21:45:14 +0000


Cyber News related to New Rhadamanthys stealer version enhances features, evasion

New Rhadamanthys stealer version enhances features, evasion - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
11 months ago Bleepingcomputer.com
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
11 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Unveiling the New Threats: Rhadamanthys v0.5.0 A Research Overview by Check Point Research - Key Insights: The Evolving Threat: The Rhadamanthys stealer, a multi-layered malware, is now available in its latest iteration, version 0.5.0, enhancing its capabilities and introducing new spying functions. Check Point Research's Expert Analysis: ...
11 months ago Blog.checkpoint.com
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition - Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced ...
1 month ago Thehackernews.com
Rhadamanthys information stealer introduces AI-driven capabilities - The malware allows operators to harvest a broad range of information, including system information, credentials, cryptocurrency wallets, browser passwords, cookies, and data stored in various applications. “This allows Rhadamanthys to extract ...
1 month ago Securityaffairs.com
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human's Satori Threat Intelligence Team said it has uncovered the new build of ...
11 months ago Infosecurity-magazine.com
MacOS info-stealers quickly evolve to evade XProtect detection - Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. A report by SentinelOne highlights the problem through three ...
10 months ago Bleepingcomputer.com
Facebook ads push new Ov3r Stealer password-stealing malware - A new password-stealing malware named Ov3r Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. The fake job ads are for management positions and lead users to a Discord URL where a ...
9 months ago Bleepingcomputer.com
'Ov3r Stealer' Malware Spreads Through Facebook to Steal Crates of Info - The malware by design exfiltrates specific types of data such as geolocation, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information, according ...
9 months ago Darkreading.com
Sophisticated macOS Infostealers Get Past Apple's Built-In Detection - Increasingly sophisticated infostealers are targeting macOS with the capability to evade Apple's built-in malware protection, as attackers are becoming more savvy about how to crack static signature-detection engines like the platform's proprietary ...
10 months ago Darkreading.com
Multi-layer Malware Sold on The Dark Web - Threat actors make use of fast-evolving multi-layer malware for their complexity and sophistication, as they offer the ability to rapidly adapt and change their code. To make analysis and countermeasures more difficult, this sophisticated type of ...
11 months ago Cybersecuritynews.com
Fake Browser Updates Targeting Mac Systems With Infostealer - A widely popular social engineering campaign previously only targeting Windows systems has expanded and is now using fake browser updates to distribute Atomic Stealer, a dangerous information stealer, to macOS systems. Experts say this could be the ...
11 months ago Darkreading.com
Hackers Use Google Ads to Install Malware - NET malware loaders that were disseminated via malvertising attacks was discovered by SentinelLabs. The loaders, known as MalVirt, leverage the Windows Process Explorer driver for process termination together with obfuscated virtualization for ...
1 year ago Cybersecuritynews.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
10 months ago Techrepublic.com
Serpent Stealer Acquire Browser Passwords and Erases Logs - Beneath the surface of the cyber realm, a silent menace emerges-crafted with the precision of the. NET framework, the Serpent Stealer slithers undetected through security measures, leaving traces of its intrusion. It can also steal sensitive data, ...
11 months ago Gbhackers.com
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges - A new Golang-based information stealer malware, dubbed Titan Stealer, is being advertised by threat actors through their Telegram channel. Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi first documented the malware in ...
1 year ago Thehackernews.com
Lumma malware can allegedly restore expired Google auth cookies - The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing ...
11 months ago Bleepingcomputer.com
Google Chrome adds new AI features to boost productivity and creativity - Google's popular web browser, Chrome, is getting a makeover with the latest release of Chrome M121, which introduces three new generative AI features that aim to make browsing easier, more efficient and more personalized. The new features, which are ...
9 months ago Venturebeat.com
Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
10 months ago Feeds.fortinet.com
CVE-2017-2171 - Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page ...
7 years ago
Game mod on Steam breached to push password-stealing malware - Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised ...
10 months ago Bleepingcomputer.com
Steam game mod breached to push password-stealing malware - Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised ...
10 months ago Bleepingcomputer.com
Windows SmartScreen flaw exploited to drop Phemedrone malware - A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability to bypass Windows security prompts when opening URL files. Phemedrone is a new open-source info-stealer malware that harvests data stored in ...
10 months ago Bleepingcomputer.com
Stealing Browser Passwords & Cookies - A new malicious campaign, Editbot Stealer, was discovered in which threat actors use WinRAR archive files with minimal detection to perform a multi-stage attack. The malicious WinRAR archive used by the threat actors consists of a.bat file and a JSON ...
11 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)