https://research.checkpoint.com/2024/massive-phishing-campaign-deploys-latest-rhadamanthys-version
A new phishing campaign leveraging a sophisticated infostealer, known as Rhadamanthys, is targeting organizations worldwide. Cybercriminals are sending out emails falsely claiming copyright infringement, enticing victims to open malicious attachments.
How the Attack Works:
- Phishing Email: Victims receive emails from seemingly legitimate sources, accusing them of copyright infringement.
- Malicious Attachment: The email contains a ZIP file that, when opened, executes a malicious script.
- Infostealer Deployment: The script installs the Rhadamanthys infostealer, which steals sensitive information like passwords, credentials, and cryptocurrency wallet data.
Key Features of Rhadamanthys:
- AI-Powered OCR: The malware uses AI-powered OCR to identify and extract valuable data from victims’ systems.
- Versatile Attack Methods: Rhadamanthys can deploy via various methods, including MSI files, which can bypass security defenses.
- Data Theft: The malware steals a wide range of sensitive information, including credentials, cookies, and cryptocurrency wallet data.
Protecting Yourself:
- Be Wary of Suspicious Emails: Exercise caution when receiving unexpected emails, especially those claiming legal action.
- Avoid Opening Attachments from Unknown Senders: Never open attachments from suspicious emails, even if they appear to be from legitimate sources.
- Keep Software Updated: Ensure that your operating system and security software are up-to-date with the latest patches.
- Use Strong Passwords: Create strong, unique passwords for each of your online accounts.
- Enable Two-Factor Authentication: Use two-factor authentication whenever possible to add an extra layer of security.
By staying informed and practicing good cybersecurity habits, individuals and organizations can protect themselves from these types of attacks.