Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Evolution of Rhadamanthys: A Highly Potent Malware Threatening Cryptocurrency Holders



The Rhadamanthys information stealer has added AI-driven optical character recognition (OCR) that pulls cryptocurrency wallet seed phrases out of images found on an infected machine, which makes it a serious threat to anyone who holds cryptocurrency. In this article, we look at the origins of Rhadamanthys, its features, and what its latest capability means for users in the cryptocurrency community.

  • Rhadamanthys is a potent information stealer that now uses AI-based optical character recognition (OCR) to extract cryptocurrency seed phrases from images.
  • The malware was first identified in 2022 and has been upgraded repeatedly; the OCR capability arrived in version 0.7.0.
  • Rhadamanthys steals credentials, system information, and financial data from infected systems and uses evasion techniques such as posing as an MSI installer.
  • The malware is sold on underground forums as a subscription, from $250 per month up to $550 for 90 days.
  • The Rhadamanthys infection chain has three stages, and the malware creates a mutex so that only one instance runs on an infected host at a time.
  • Since version 0.5.0 the malware has shipped additional plugins, including a Keylogger, DataSpyer, Clipper, and Reversed Proxy.



    Among the information stealers that have appeared in recent years, Rhadamanthys stands out for one feature: it applies artificial intelligence (AI) to extract cryptocurrency seed phrases from images stored on the victim's machine.

    Rhadamanthys, developed by a threat actor known as "kingcrete2022," was first identified in 2022. Since then it has undergone significant upgrades; the most recent version at the time of writing, 0.7.0, introduces AI-driven optical character recognition (OCR). This lets Rhadamanthys read cryptocurrency wallet seed phrases out of images, making it a dangerous threat to anyone dealing in cryptocurrencies. The feature only pays off against victims who keep a photo or screenshot of their recovery phrase on the infected machine, which is exactly the habit wallet vendors warn against.

    The malware steals credentials, system information, and financial data from infected systems, and it uses evasion techniques such as being packaged as an MSI installer so that it passes as legitimate software. Its developers sell it as a service on underground forums, with subscriptions ranging from $250 per month to $550 for 90 days, though they prohibit customers from targeting certain regions.

    The Rhadamanthys infection chain has stayed the same across versions and consists of three stages. Stage 1 unpacks and loads the second-stage shellcode. Stage 2 establishes communication with the command-and-control (C2) server and loads the core DLL. Stage 3, the core DLL, runs the stealer components and any additional modules, including the image/OCR processing. The malware also creates a mutex object so that only one instance runs on an infected host at a time, a common stealer behaviour that doubles as a host-based indicator for defenders who know the mutex name.

    Rhadamanthys has extended its functionality through plugins, introduced in version 0.5.0 and expanded in later updates. Analysts identify four main plugins: Keylogger, DataSpyer, Clipper, and Reversed Proxy. The plugin system was reworked in version 0.7.0, with plugins now packaged as ZIP files containing classes.dex and manifest.json.

    The underlying threat-intelligence report (from Recorded Future's Insikt Group, which the Security Affairs coverage linked below summarizes) lists the Tactics, Techniques, and Procedures (TTPs) associated with this threat, giving defenders insight into how Rhadamanthys evades detection and harvests data from compromised systems.

    The arrival of AI-assisted malware like Rhadamanthys shows how quickly stealer capabilities evolve. Users who hold cryptocurrency should never keep recovery phrases as photos, screenshots, or text files on an internet-connected device, and should treat unexpected MSI installers and software downloads from unofficial sources with suspicion.
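    The OCR feature described above only works because a seed phrase has a rigid, verifiable structure: a BIP-39 mnemonic is 12 to 24 words from a fixed 2048-word list, and the last word carries a checksum. The same property lets a defender scan OCR output from screenshot folders, chat exports, or DLP pipelines and flag real recovery phrases with almost no false positives. The following Python is an added example written for this article, not code from Rhadamanthys or from any of the reports linked below. It assumes the caller supplies the official BIP-39 English word list (normally read from english.txt); the word list and the OCR text used in the offline demo are constructed stand-ins.

```python
"""Find BIP-39 seed phrases in OCR output (added example, not Rhadamanthys code).

Each BIP-39 word encodes an 11-bit index into a 2048-word list. For a phrase of
N words the first ENT bits are entropy and the trailing ENT/32 bits must equal
the leading bits of SHA-256(entropy), so a candidate run of words can be
validated exactly rather than by loose "12 dictionary words in a row" rules.

Assumptions: the real word list is supplied by the caller (e.g. english.txt);
DEMO_WORDLIST and DEMO_OCR_TEXT below are constructed so the file runs offline.
"""
import hashlib
import re

VALID_LENGTHS = (12, 15, 18, 21, 24)


def bip39_checksum_ok(words, wordlist):
    """Return True if `words` is a BIP-39 mnemonic whose checksum verifies."""
    if len(words) not in VALID_LENGTHS or len(wordlist) != 2048:
        return False
    index = {w: i for i, w in enumerate(wordlist)}
    if any(w not in index for w in words):
        return False
    bits = "".join(format(index[w], "011b") for w in words)
    cs_len = len(bits) // 33                       # total bits = ENT + ENT/32
    ent_bits, cs_bits = bits[:-cs_len], bits[-cs_len:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return cs_bits == format(digest, "0256b")[:cs_len]


def find_seed_phrases(text, wordlist):
    """Scan noisy OCR text for runs of list words that validate as mnemonics.

    OCR output may be numbered ("1. abandon"), split across lines or mixed
    case, so tokenize on letters only, lower-case, and break runs on any
    token that is not in the word list.
    """
    wordset = set(wordlist)
    tokens = [t.lower() for t in re.findall(r"[A-Za-z]+", text)]
    runs, current = [], []
    for t in tokens:
        if t in wordset:
            current.append(t)
        elif current:
            runs.append(current)
            current = []
    if current:
        runs.append(current)

    found = []
    for run in runs:
        claimed = [False] * len(run)
        # Try the longest phrase length first so a 24-word phrase is not
        # reported as a 12-word one that happens to pass the 4-bit checksum.
        for n in sorted(VALID_LENGTHS, reverse=True):
            for start in range(0, len(run) - n + 1):
                if any(claimed[start:start + n]):
                    continue
                cand = run[start:start + n]
                if bip39_checksum_ok(cand, wordlist):
                    found.append(cand)
                    for i in range(start, start + n):
                        claimed[i] = True
    return found


# Constructed stand-in for the 2048-entry list: entry i is "x" plus the 11-bit
# index written with a/b for 0/1, so every entry is purely alphabetic.
DEMO_WORDLIST = ["x" + format(i, "011b").translate(str.maketrans("01", "ab"))
                 for i in range(2048)]

# Constructed OCR output: a numbered 12-word phrase of index 0 x 11 followed by
# index 3 (the BIP-39 checksum of 128 zero bits, matching the official
# "abandon ... about" test vector), then a decoy whose last word breaks the checksum.
DEMO_OCR_TEXT = (
    "Wallet recovery sheet\n"
    + "".join(f"{n}. {DEMO_WORDLIST[0]}\n" for n in range(1, 12))
    + f"12. {DEMO_WORDLIST[3]}\n"
    + "Old backup (discard):\n"
    + " ".join([DEMO_WORDLIST[0]] * 11 + [DEMO_WORDLIST[4]]) + "\n"
)


def demo():
    """Run the scanner over the constructed OCR text; returns phrases as strings."""
    return [" ".join(p) for p in find_seed_phrases(DEMO_OCR_TEXT, DEMO_WORDLIST)]


if __name__ == "__main__":
    for phrase in demo():
        words = phrase.split()
        print(f"seed phrase found ({len(words)} words): {words[0]} ... {words[-1]}")
```

    For a real scan, load the official English list with `open("english.txt").read().split()` and feed it with the OCR text in place of the demo constants; the checksum test rejects a random 12-word run of list words 15 times out of 16 and a 24-word run 255 times out of 256, so hits are worth an alert.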



    Related Information:

  • https://securityaffairs.com/169253/malware/rhadamanthys-information-stealer-uses-ai.html

  • https://medium.com/cybersecurity-and-iot/ai-driven-cyber-heist-how-rhadamanthys-stealer-is-targeting-your-crypto-wallets-no-one-is-safe-d41bfa4abb33

  • https://thehackernews.com/2023/12/rhadamanthys-malware-swiss-army-knife.html

  • https://www.pcrisk.com/removal-guides/25643-rhadamanthys-stealer

  • https://www.darkreading.com/threat-intelligence/microsoft-doj-dismantle-russian-hacker-group-star-blizzard

  • https://research.checkpoint.com/2023/rhadamanthys-the-everything-bagel-infostealer/


  • Published: Fri Oct 4 20:35:30 2024 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.
