Rhadamanthys Stealer Enhancements

December 18, 2023
Reading Time: 2 mins read
in Alerts

The Rhadamanthys information-stealing malware has undergone notable developments, with its creators releasing versions 0.5.0 and 0.5.1, showing a commitment to active and rapid evolution. First seen in August 2022, Rhadamanthys is a C++ information stealer that targets a range of credentials, including those for email, FTP, and online banking services. Unlike some earlier information-stealing competitors, Rhadamanthys is sold under a subscription-based model and is distributed through channels such as malvertising, tainted torrent downloads, emails, and YouTube videos.

A significant enhancement introduced in version 0.5.0 is a new plugin system, which allows the malware to be customized to the needs of a particular distribution campaign. This modular approach lets operators minimize their footprint by loading only the plugins whose capabilities they require, adapting the build to different targets and evading security measures. One bundled plugin, known as ‘Data Spy,’ monitors RDP login attempts and captures the associated credentials, showing the malware’s reach into espionage-style collection.

Version 0.5.0 also saw improvements in stub construction and the client execution process, addressing issues related to cryptocurrency wallet targeting, and enhancing data stealing from browsers. The malware loader underwent a rewrite, incorporating anti-analysis checks, an embedded configuration, and modules for the next stage (XS1). The XS1 loader unpacks various modules, five of which are new in this version, emphasizing evasion techniques. These modules play a crucial role in communicating with the command and control (C2) server, where additional modules, including both passive and active stealers, are obtained.

Passive stealers focus on less intrusive information gathering, combing through directories and monitoring applications for sensitive data exchanges. Active stealers, on the other hand, employ more invasive techniques such as keylogging, screen capturing, and code injection into running processes to maximize data exfiltration. The pace of development is illustrated by the rapid release of version 0.5.1, which adds a Clipper plugin that diverts cryptocurrency payments, Telegram notification options for exfiltrating wallet information, recovery of deleted Google Account cookies, and the ability to evade Windows Defender, including its cloud protection, by cleaning its stub.

The continuous and active development of Rhadamanthys underscores its evolving capabilities and attractiveness to threat actors seeking a sophisticated and adaptable tool for their malicious campaigns. As the malware continues to add features, including those that enhance its evasion techniques and target a broader range of applications, it poses an ongoing threat to cybersecurity, requiring vigilant measures and updated defenses to counter its potential impact.

Reference:
  • Rhadamanthys Stealer Advances with Powerful Upgrades