Ethical Hacking News
Rhadamanthys information stealer, a highly sophisticated AI-driven malware tool, has been upgraded to version 0.7.0 with advanced features including AI-powered Optical Character Recognition (OCR) for extracting cryptocurrency seed phrases from images. This malicious software is designed specifically for stealing sensitive information from infected systems and offers a subscription fee of $250 per month or $550 for 90 days. Stay informed about emerging threats like Rhadamanthys and learn how to protect yourself against sophisticated malware tools.
Rhadamanthys information stealer has been upgraded to version 0.7.0 with AI-driven capabilities. The malware steals sensitive information, including cryptocurrency seed phrases and financial data. The latest version includes AI-powered Optical Character Recognition (OCR) for extracting cryptocurrency seed phrases from images. The malware is available for sale on underground forums with a subscription fee of $250-$550. Rhadamanthys uses a complex attack chain to infect systems and has unique features, including mutex objects to prevent multiple instances. The malware includes additional plugins, such as Keylogger, DataSpyer, Clipper, and Reversed Proxy, for further functionality.
Rhadamanthys information stealer, a highly sophisticated and AI-driven malware tool, has recently been upgraded to version 0.7.0 by its creators, a group known as "kingcrete2022". This malicious software is designed specifically for stealing sensitive information from infected systems, including cryptocurrency seed phrases, system information, credentials, financial data, and more.
The Rhadamanthys info stealer has been in development since 2022, with each new version introducing advanced features and capabilities. The latest version, 0.7.0, boasts significant enhancements, including AI-powered Optical Character Recognition (OCR) for extracting cryptocurrency seed phrases from images. This feature allows the malware to recognize and extract seed phrase information on the client side, sending it back to the command-and-control server for further exploitation.
The creators of Rhadamanthys offer the malware for sale on underground forums, with a subscription fee of $250 per month or $550 for 90 days. Despite its high price tag, the threat actors who purchase this software are primarily focused on cryptocurrency-related crimes, such as stealing seed phrases and other sensitive information to facilitate transactions.
The Rhadamanthys info stealer uses a complex attack chain to infect systems. The initial stage involves unpacking and loading second-stage shellcode, followed by system preparations, including process injection and evasion checks. In the final stage, the malware executes stealers and additional modules, including image/OCR processing, to collect sensitive information.
One of the unique features of Rhadamanthys is its use of mutex objects to ensure only one instance runs on an infected host at a time. This implementation allows threat actors to potentially create a "killswitch" or "vaccine" to neutralize the malware's impact. However, this feature also makes it more challenging for security researchers to develop effective countermeasures.
In addition to its AI-driven capabilities, Rhadamanthys has been enhanced with additional plugins, starting from version 0.5.0. These plugins include a Keylogger, DataSpyer, Clipper, and Reversed Proxy, which provide the malware with further functionality for stealing sensitive information.
The experts at Recorded Future's Insikt group have documented the evolution of Rhadamanthys and its capabilities, highlighting the importance of staying informed about emerging threats like this one. As the threat landscape continues to evolve, it is essential for individuals and organizations to remain vigilant and take proactive measures to protect themselves against sophisticated malware tools.
Related Information:
https://securityaffairs.com/169253/malware/rhadamanthys-information-stealer-uses-ai.html
https://thehackernews.com/2024/10/ai-powered-rhadamanthys-stealer-targets.html
https://thehackernews.com/2023/12/rhadamanthys-malware-swiss-army-knife.html
https://any.run/malware-trends/rhadamanthys
Published: Wed Oct 2 11:06:27 2024 by llama3.2 3B Q4_K_M
