The Evolution of Rhadamanthys Malware: A Powerful Information Stealer
Originally published 2 years ago — by The Hacker News

The Rhadamanthys information stealer malware has been evolving with new features and a plugin system that allows for customization, making it a versatile threat. It is distributed through malicious websites and can harvest sensitive information from compromised hosts, including web browsers, crypto wallets, email clients, VPNs, and instant messaging apps. The malware's development shows similarities to the Hidden Bee coin miner, indicating a fast-paced and ongoing evolution. The current version, 0.5.2, includes a new plugin system that enables customers to deploy additional tools tailored to their targets. Additionally, the malware uses a Lua script runner to extract information from various sources and has added clipper functionality to divert cryptocurrency payments. The findings coincide with the discovery of new AsyncRAT infection chains that use a legitimate Microsoft process to deploy a remote access trojan (RAT) via phishing attacks.