CyberSecurityBoard
Sponsor Register Login

Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script

The malware creates a suspended AppLaunch.exe process (from the .NET Framework directory) and injects malicious code into its memory space, evading detection by unhooking ntdll.dll functions and employing virtual machine (VM) evasion techniques derived from the open-source Al-Khaser project. This downloads and executes a PowerShell script from a remote server, deploying Rhadamanthys as eRSg.mp3 in the user’s %LocalAppData% directory—a tactic exploiting perceived trust in media file extensions. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Stolen data is exfiltrated to command-and-control (C2) servers via SOAP messages, with attackers optionally deploying secondary modules like file grabbers or custom PowerShell scripts. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Recent campaigns observed by ASEC use Google Ads to redirect users to spoofed software download pages (e.g., Zoom, AnyDesk) hosting the malicious MSC files. She is covering various cyber security incidents happening in the Cyber Space. The second method abuses the MMC’s Console Taskpad feature, which interprets XML-based commands between <ConsoleTaskpads> and </ConsoleTaskpads> tags.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Feb 2025 14:55:16 +0000


Cyber News related to Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script

New Rhadamanthys stealer version enhances features, evasion - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
Azure Serial Console Attack and Defense - This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders' preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various ...
1 year ago Msrc.microsoft.com
Rhadamanthys infostealer disrupted as cybercriminals lose server access - The Rhadamanthys infostealer, a notorious malware used by cybercriminals to steal sensitive information, has been disrupted following the loss of access to its command-and-control servers. This disruption marks a significant setback for the threat ...
3 weeks ago Bleepingcomputer.com
Deploy Anti-Infostealer Defenses to Protect Sensitive Data - In today's digital landscape, the threat of infostealer malware is escalating, posing significant risks to sensitive data across organizations. Infostealers are malicious programs designed to extract confidential information such as credentials, ...
1 month ago Infosecurity-magazine.com FIN7 Lazarus Group
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
4 months ago Cybersecuritynews.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
7 months ago Cybersecuritynews.com
Unveiling the New Threats: Rhadamanthys v0.5.0 A Research Overview by Check Point Research - Key Insights: The Evolving Threat: The Rhadamanthys stealer, a multi-layered malware, is now available in its latest iteration, version 0.5.0, enhancing its capabilities and introducing new spying functions. Check Point Research's Expert Analysis: ...
1 year ago Blog.checkpoint.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
5 months ago Cybersecuritynews.com
Unified Endpoint Management: What is it and What's New? - What began as Mobile Device Management has now transitioned through Mobile Application Management and Enterprise Mobility Management to culminate in UEM. This progression underscores the industry's response to the ever-growing challenges of modern IT ...
1 year ago Securityboulevard.com
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition - Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced ...
1 year ago Thehackernews.com
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain - The focus will be on a multi-stage infection process involving Visual Basic Script (VBS), a batch file, and a PowerShell script, ultimately leading to the deployment of high-profile malware like DCRat or Rhadamanthys infostealer. The Acronis Threat ...
8 months ago Bleepingcomputer.com
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
4 months ago Cybersecuritynews.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script - The malware creates a suspended AppLaunch.exe process (from the .NET Framework directory) and injects malicious code into its memory space, evading detection by unhooking ntdll.dll functions and employing virtual machine (VM) evasion techniques ...
9 months ago Cybersecuritynews.com
Ukrainian Raccoon Infostealer Operator Extradited to US - A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands. The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law ...
1 year ago Securityweek.com
Rhadamanthys information stealer introduces AI-driven capabilities - The malware allows operators to harvest a broad range of information, including system information, credentials, cryptocurrency wallets, browser passwords, cookies, and data stored in various applications. “This allows Rhadamanthys to extract ...
1 year ago Securityaffairs.com CVE-2024-45519
15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
8 months ago Cybersecuritynews.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws - Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in Windows Fast FAT Driver that, when exploited, allows an attacker to execute code. Microsoft says that this remote code execution ...
8 months ago Bleepingcomputer.com
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
1 year ago Microsoft.com Black Basta
Lumma Infostealer Malware Attacks Users: What You Need to Know - Lumma Infostealer is a newly identified malware targeting users worldwide, designed to steal sensitive information such as login credentials, financial data, and personal details. This malware operates stealthily, infiltrating systems through ...
1 month ago Cybersecuritynews.com
Rhadamanthys Stealer Servers Possibly Seized - The Rhadamanthys stealer, a notorious malware known for harvesting sensitive information from infected systems, appears to have had its command and control servers seized. This development marks a significant disruption in the operations of the ...
2 weeks ago Cybersecuritynews.com
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations - Law enforcement agencies have successfully dismantled operations linked to the Rhadamanthys, VenomRAT, and Elysium malware families. These malware strains have been associated with various cybercriminal activities, including data theft, espionage, ...
2 weeks ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)