The developers of the Rhadamanthys information-stealing malware have released two major versions, introducing new stealing capabilities and enhanced evasion techniques. The malware, sold via a subscription model, targets email, FTP, and online banking service account credentials. The latest versions feature a new plugin system for customization, an improved stub construction and client execution process, and fixes for targeting cryptocurrency wallets. Rhadamanthys also includes passive and active stealers for data exfiltration, with the ability to evade Windows Defender. The rapid development of Rhadamanthys makes it an increasingly attractive tool for cybercriminals.
Over 400,000 corporate credentials have been stolen by information-stealing malware, according to an analysis of nearly 20 million malware logs. Information stealers target both careless internet users and corporate environments, with employees using personal devices for work or accessing personal content from work computers. The stolen data is packaged into logs and sold on the dark web and Telegram channels. The most prominent information-stealing families include Redline, Raccoon, Titan, Aurora, and Vidar. Cybersecurity firm Flare found approximately 375,000 logs containing access to business applications such as Salesforce, Hubspot, Quickbooks, AWS, GCP, Okta, and DocuSign. It is recommended that businesses enforce cybersecurity measures such as password managers, multi-factor authentication, and strict controls on personal device use.
A new information-stealing malware called 'Atomic' is being sold to cybercriminals via private Telegram channels for $1,000 per month. The malware targets macOS systems and steals keychain passwords, files, cookies, and credit cards stored in browsers, as well as data from over 50 cryptocurrency extensions. The malware also provides a ready-to-use web panel for easy victim management and the ability to receive stolen logs on Telegram. The malware goes largely undetected on VirusTotal, and buyers are responsible for setting up their own channels for distribution.
MacStealer is a new information-stealing malware that primarily affects macOS devices running Catalina and later on M1 and M2 CPUs. It uses Telegram as a command-and-control platform to exfiltrate data and can steal iCloud Keychain data, passwords, and credit card information from browsers like Google Chrome, Mozilla Firefox, and Brave. The malware is propagated as a DMG file and is still a work in progress, with the malware authors planning to add features to capture data from Apple's Safari browser and the Notes app. To mitigate such threats, it's recommended that users keep their operating system and security software up to date and avoid downloading files or clicking links from unknown sources.
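Both the Atomic and MacStealer summaries above describe Telegram as the channel through which stolen logs are received. As an added example (not code from the page or from any vendor or malware author it names), the Python script below runs a simple detection over constructed web proxy log lines: ordinary Telegram clients talk to web.telegram.org or MTProto endpoints, whereas a stealer calling the Bot API directly from a workstation hits api.telegram.org/bot<token>/<method>, which is a low-noise signal. The log format, hostnames, bot ids and tokens are all constructed for the example.

```python
"""Flag workstations calling the Telegram Bot API in proxy logs.

Added example: constructed log lines, assumed log format. Bulk POSTs to
sendDocument/sendMessage are consistent with log exfiltration; getUpdates
polling is consistent with command retrieval.
"""
import re
from dataclasses import dataclass, field

# Constructed sample proxy log lines (not from the page).
# Assumed format: timestamp client method url status bytes_sent
SAMPLE_LOGS = """\
2024-05-01T09:12:01Z ws-042 GET https://www.example.com/ 200 1201
2024-05-01T09:12:07Z ws-042 POST https://api.telegram.org/bot111111111:AAEXAMPLETOKEN/sendMessage 200 412
2024-05-01T09:12:09Z ws-042 POST https://api.telegram.org/bot111111111:AAEXAMPLETOKEN/sendDocument 200 734221
2024-05-01T09:13:40Z ws-017 GET https://web.telegram.org/k/ 200 5120
2024-05-01T09:14:02Z ws-090 GET https://api.telegram.org/bot222222222:AAOTHERTOKEN/getUpdates 200 219
2024-05-01T09:14:05Z ws-042 POST https://api.telegram.org/bot111111111:AAEXAMPLETOKEN/sendDocument 200 1099512
"""

# Bot API URLs embed the bot id and its secret token in the path.
BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}
C2_METHODS = {"getUpdates"}
BULK_UPLOAD_BYTES = 100_000  # assumed threshold for "bulk" upload


@dataclass
class HostFinding:
    client: str
    bot_ids: set = field(default_factory=set)
    methods: set = field(default_factory=set)
    bytes_uploaded: int = 0
    requests: int = 0

    @property
    def severity(self) -> str:
        if self.methods & EXFIL_METHODS and self.bytes_uploaded >= BULK_UPLOAD_BYTES:
            return "high"  # bulk upload through a bot: consistent with log exfiltration
        if self.methods & (EXFIL_METHODS | C2_METHODS):
            return "medium"
        return "low"


def parse_line(line: str):
    """Parse one log line into a dict, or return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, status, size = parts
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "bytes": int(size)}


def find_bot_api_calls(log_text: str) -> dict:
    """Aggregate Bot API calls per client host."""
    findings: dict = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = BOT_API_RE.match(rec["url"])
        if not m:
            continue  # web.telegram.org and non-Telegram traffic are ignored
        f = findings.setdefault(rec["client"], HostFinding(client=rec["client"]))
        f.bot_ids.add(m["bot_id"])
        f.methods.add(m["method"])
        f.requests += 1
        if rec["method"] == "POST":
            f.bytes_uploaded += rec["bytes"]
    return findings


def redact_token(url: str) -> str:
    """Mask the bot secret before the URL goes into a ticket or report;
    keep the bot id, which is enough to reference the bot for takedown."""
    m = BOT_API_RE.match(url)
    if not m:
        return url
    return url.replace(m["secret"], "<redacted>", 1)


if __name__ == "__main__":
    for host, f in sorted(find_bot_api_calls(SAMPLE_LOGS).items()):
        print(f"{host}: severity={f.severity} methods={sorted(f.methods)} "
              f"bots={sorted(f.bot_ids)} uploaded={f.bytes_uploaded}B requests={f.requests}")
```

Run against the constructed lines, ws-042 is reported as high (two large sendDocument uploads to one bot) and ws-090 as medium (getUpdates polling), while ws-017's web.telegram.org session is not reported. In a real deployment the threshold and the allow-list of hosts that legitimately run bots (e.g. an alerting server) would be tuned per environment.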