Rhadamanthys Stealer Enhancements

December 18, 2023
in Alerts

The Rhadamanthys information-stealing malware has undergone notable development: its creators have released versions 0.5.0 and 0.5.1 in quick succession, showing a commitment to active and rapid evolution. First seen in August 2022, Rhadamanthys is a C++ information stealer built to harvest a range of credentials, including those for email, FTP, and online banking services. Unlike some earlier information-stealing competitors, Rhadamanthys is sold on a subscription basis and is distributed through channels such as malvertising, tainted torrent downloads, emails, and YouTube videos.

A significant enhancement introduced in version 0.5.0 is a new plugin system, which allows the malware to be customized for specific distribution needs. This modular approach lets operators minimize their footprint by loading only the plugins whose capabilities they require, adapting the payload to different targets and making it harder for security tools to characterize. One of the included plugins, ‘Data Spy,’ monitors RDP login attempts and captures the associated credentials, illustrating the malware’s use for espionage.

Version 0.5.0 also improved stub construction and the client execution process, fixed issues in cryptocurrency wallet targeting, and enhanced data theft from browsers. The loader was rewritten to include anti-analysis checks, an embedded configuration, and the modules for the next stage (XS1). The XS1 loader unpacks a set of modules, five of which are new in this version and focus on evasion. These modules handle communication with the command and control (C2) server, from which additional modules, including both passive and active stealers, are retrieved.

Passive stealers gather information in a less intrusive way, combing through directories and monitoring applications for sensitive data exchanges. Active stealers use more invasive techniques, such as keylogging, screen capturing, and code injection into running processes, to maximize data exfiltration. The pace of development is illustrated by the rapid release of version 0.5.1, which adds notable features: a Clipper plugin that diverts crypto payments, Telegram notification options for exfiltrating wallet information, recovery of deleted Google Account cookies, and the ability to evade Windows Defender, including its cloud protection, by cleaning its stub.

The continuous, active development of Rhadamanthys underscores its growing capabilities and its appeal to threat actors seeking a sophisticated, adaptable tool for their campaigns. As the malware keeps adding features, including improved evasion techniques and a broader range of targeted applications, it remains an ongoing threat that calls for vigilant monitoring and up-to-date defenses.

Reference:
  • Rhadamanthys Stealer Advances with Powerful Upgrades
Tags: Cyber Alert, Cyber Alerts 2023, Cyber Gang, Cyber Risk, Cybercriminals, December 2023, Emails, Malvertising, Malware, Rhadamanthys