Rhadamanthys Stealer Malware Evolves With More Powerful Features
The Rhadamanthys information-stealing malware has recently evolved through two major releases that add new stealing capabilities and improved evasion. First observed in August 2022, Rhadamanthys targets credentials for email, FTP, and online banking accounts and is sold to cybercriminals on a subscription basis. It is distributed through several channels, including malvertising, torrent downloads, email, and YouTube videos.

The two latest versions introduce numerous changes and features. Version 0.5.0 added a plugin system that lets operators customize the stealer for specific distribution campaigns. One plugin bundled with Rhadamanthys, 'Data Spy', monitors for successful RDP logins and captures the victim's credentials. The 0.5.0 release also improved stub construction and the client execution process, fixed the cryptocurrency wallet targeting component, and fixed Discord token acquisition. Other improvements include enhanced data theft from browsers, updated search settings in the operator panel, and an option to modify Telegram notifications. The loader was rewritten to include anti-analysis checks, an embedded configuration, and a package of modules for the next stage (XS1).

Version 0.5.1 introduces a Clipper plugin that rewrites clipboard contents to divert cryptocurrency payments to attacker-controlled wallets, a Telegram notification option that includes the cracked wallet and seed phrase in the exfiltrated ZIP archive, the ability to recover deleted Google Account cookies, and a Windows Defender evasion technique based on cleaning the stub.

Rhadamanthys is developing quickly, which makes it more capable and more attractive to cybercriminals.

Malware: Rhadamanthys [View Article](https://www.bleepingcomputer.com/news/security/rhadamanthys-stealer-malware-evolves-with-more-powerful-features/?&web_view=true)
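The clipper behaviour attributed to version 0.5.1 (a copied wallet address is silently overwritten with one the attacker controls) can be caught heuristically from clipboard telemetry: an address is replaced by a different address of the same coin family, by a different process, within a fraction of a second of the user's copy. The Python below is an added example, not code from the article or from the malware. The event format, the process names, and the clipboard log are constructed for illustration, and the address checks are coarse regexes rather than checksum validation.

```python
"""Heuristic detector for clipboard-hijacking ("clipper") behaviour.

Added illustration only: the event format, process names and log entries
below are constructed for the example and are not Rhadamanthys telemetry
or indicators of compromise.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Coarse address shapes for common coins. Checksums are not validated;
# the goal is only to recognise when one address is swapped for another
# address of the same family.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the coin family a clipboard string looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


@dataclass
class ClipEvent:
    t: float      # seconds since the monitor started
    owner: str    # process that wrote the clipboard (hypothetical field,
                  # e.g. resolved from GetClipboardOwner on Windows)
    text: str     # new clipboard content


@dataclass
class Alert:
    t: float
    owner: str
    kind: str
    original: str
    replacement: str


def detect_clipper(events: List[ClipEvent], window: float = 3.0) -> List[Alert]:
    """Flag a clipboard write that replaces one address with a different
    address of the same family, from a different process, within `window`
    seconds of the previous write."""
    alerts: List[Alert] = []
    prev: Optional[ClipEvent] = None
    for ev in events:
        kind = classify_address(ev.text)
        if prev is not None and kind is not None:
            same_family = classify_address(prev.text) == kind
            changed = ev.text.strip() != prev.text.strip()
            other_process = ev.owner != prev.owner
            quick = (ev.t - prev.t) <= window
            if same_family and changed and other_process and quick:
                alerts.append(Alert(ev.t, ev.owner, kind,
                                    prev.text.strip(), ev.text.strip()))
        prev = ev
    return alerts


# Constructed clipboard log: the user copies a BTC address from a browser,
# and 0.2 s later an unrelated process overwrites it with a different one.
# The two ETH copies at the end come from the same process, almost a minute
# apart, and must not be flagged.
SAMPLE_EVENTS = [
    ClipEvent(10.0, "firefox.exe", "invoice #4471"),
    ClipEvent(12.0, "firefox.exe", "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ClipEvent(12.2, "svchost_fake.exe", "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),
    ClipEvent(40.0, "notepad.exe", "0xde0B295669a9FD93d5F28D9Ec85E40f4cb697BAe"),
    ClipEvent(95.0, "notepad.exe", "0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed"),
]

if __name__ == "__main__":
    for a in detect_clipper(SAMPLE_EVENTS):
        print(f"t={a.t:.1f}s {a.owner} swapped {a.kind} address "
              f"{a.original} -> {a.replacement}")
```

The heuristic deliberately requires all three signals (same address family, different writer process, sub-window timing) so that a user who legitimately copies two different addresses from the same application is not flagged; the residual false positive is a user who copies two addresses from two different applications within the window, which is rare enough to triage manually. In a real deployment the clipboard owner would come from the OS clipboard API rather than a constructed field.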