- Researchers spot new phishing campaign distributing Rhadamanthys infostealer
- The crooks are impersonating entertainment, media, and tech firms
- The campaign is automated and abuses Gmail
Scammers have been spotted sending out fake copyright infringement violation claims as part of a new phishing campaign aiming to spread the latest version of the Rhadamanthys Stealer malware.
Cybersecurity researchers Check Point Software, who dubbed the campaign CopyRh(ight)adamanthys, noted the crooks were casting a wide net, targeting as many companies as possible.
At the same time, they were also impersonating a large number of different organizations, but due to their high online presence, and frequent copyright-related issues, the majority (70%) were from the entertainment, media, and tech industries.
End of life
Despite Rhadamanthys being a powerful infostealer, this doesn’t seem to be a campaign orchestrated by a nation-state. Rather, the group behind the attack is most likely financially motivated. In its attack, the group uses dedicated Gmail accounts, sometimes targeting the same victim from multiple addresses. They also seem to be using AI capabilities efficiently, not just to create convincing phishing emails, but also to automate the attacks, as well.
The key of the campaign, Check Point Software argued, is to implement an updated version of Rhadamanthys. The author claims this version comes with advanced AI-driven features, a claim that was apparently refuted. The tool was proven to use older machine learning techniques, seen in optical character recognition (ORC) software.
“The attackers may be leveraging AI-enhanced automation tools to create phishing content and manage…
Read full post on Tech Radar
