CyberSecurityBoard
Sponsor Register Login

Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script

The malware creates a suspended AppLaunch.exe process (from the .NET Framework directory) and injects malicious code into its memory space, evading detection by unhooking ntdll.dll functions and employing virtual machine (VM) evasion techniques derived from the open-source Al-Khaser project. This downloads and executes a PowerShell script from a remote server, deploying Rhadamanthys as eRSg.mp3 in the user’s %LocalAppData% directory—a tactic exploiting perceived trust in media file extensions. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Stolen data is exfiltrated to command-and-control (C2) servers via SOAP messages, with attackers optionally deploying secondary modules like file grabbers or custom PowerShell scripts. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Recent campaigns observed by ASEC use Google Ads to redirect users to spoofed software download pages (e.g., Zoom, AnyDesk) hosting the malicious MSC files. She is covering various cyber security incidents happening in the Cyber Space. The second method abuses the MMC’s Console Taskpad feature, which interprets XML-based commands between <ConsoleTaskpads> and </ConsoleTaskpads> tags.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Feb 2025 14:55:16 +0000


Cyber News related to Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script

New Rhadamanthys stealer version enhances features, evasion - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
2 years ago Bleepingcomputer.com
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
2 years ago Bleepingcomputer.com
Azure Serial Console Attack and Defense - This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders' preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various ...
2 years ago Msrc.microsoft.com
Rhadamanthys infostealer disrupted as cybercriminals lose server access - The Rhadamanthys infostealer, a notorious malware used by cybercriminals to steal sensitive information, has been disrupted following the loss of access to its command-and-control servers. This disruption marks a significant setback for the threat ...
3 months ago Bleepingcomputer.com
Deploy Anti-Infostealer Defenses to Protect Sensitive Data - In today's digital landscape, the threat of infostealer malware is escalating, posing significant risks to sensitive data across organizations. Infostealers are malicious programs designed to extract confidential information such as credentials, ...
4 months ago Infosecurity-magazine.com FIN7 Lazarus Group
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
2 years ago Microsoft.com
20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
7 months ago Cybersecuritynews.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
11 months ago Cybersecuritynews.com
Unveiling the New Threats: Rhadamanthys v0.5.0 A Research Overview by Check Point Research - Key Insights: The Evolving Threat: The Rhadamanthys stealer, a multi-layered malware, is now available in its latest iteration, version 0.5.0, enhancing its capabilities and introducing new spying functions. Check Point Research's Expert Analysis: ...
2 years ago Blog.checkpoint.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
8 months ago Cybersecuritynews.com
Unified Endpoint Management: What is it and What's New? - What began as Mobile Device Management has now transitioned through Mobile Application Management and Enterprise Mobility Management to culminate in UEM. This progression underscores the industry's response to the ever-growing challenges of modern IT ...
2 years ago Securityboulevard.com
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition - Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced ...
1 year ago Thehackernews.com
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain - The focus will be on a multi-stage infection process involving Visual Basic Script (VBS), a batch file, and a PowerShell script, ultimately leading to the deployment of high-profile malware like DCRat or Rhadamanthys infostealer. The Acronis Threat ...
11 months ago Bleepingcomputer.com
Ukrainian Raccoon Infostealer Operator Extradited to US - A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands. The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law ...
2 years ago Securityweek.com
Rhadamanthys information stealer introduces AI-driven capabilities - The malware allows operators to harvest a broad range of information, including system information, credentials, cryptocurrency wallets, browser passwords, cookies, and data stored in various applications. “This allows Rhadamanthys to extract ...
1 year ago Securityaffairs.com CVE-2024-45519
Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script - The malware creates a suspended AppLaunch.exe process (from the .NET Framework directory) and injects malicious code into its memory space, evading detection by unhooking ntdll.dll functions and employing virtual machine (VM) evasion techniques ...
1 year ago Cybersecuritynews.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
2 years ago Microsoft.com
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
7 months ago Cybersecuritynews.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
2 years ago Techtarget.com
15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
1 year ago Cybersecuritynews.com
Lumma Infostealer Malware Attacks Users: What You Need to Know - Lumma Infostealer is a newly identified malware targeting users worldwide, designed to steal sensitive information such as login credentials, financial data, and personal details. This malware operates stealthily, infiltrating systems through ...
4 months ago Cybersecuritynews.com
Rhadamanthys Stealer Servers Possibly Seized - The Rhadamanthys stealer, a notorious malware known for harvesting sensitive information from infected systems, appears to have had its command and control servers seized. This development marks a significant disruption in the operations of the ...
3 months ago Cybersecuritynews.com
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations - Law enforcement agencies have successfully dismantled operations linked to the Rhadamanthys, VenomRAT, and Elysium malware families. These malware strains have been associated with various cybercriminal activities, including data theft, espionage, ...
3 months ago Bleepingcomputer.com
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws - Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in Windows Fast FAT Driver that, when exploited, allows an attacker to execute code. Microsoft says that this remote code execution ...
11 months ago Bleepingcomputer.com
Multi-layer Malware Sold on The Dark Web - Threat actors make use of fast-evolving multi-layer malware for their complexity and sophistication, as they offer the ability to rapidly adapt and change their code. To make analysis and countermeasures more difficult, this sophisticated type of ...
2 years ago Cybersecuritynews.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)