gradient

Scammers are using fake copyright infringement claims to hack businesses

Researchers spot new phishing campaign distributing Rhadamanthys infostealerThe crooks are impersonating entertainment, media, and tech firmsThe campaign is automated and abuses Gmail

Scammers have been spotted sending out fake copyright infringement violation claims as part of a new phishing campaign aiming to spread the latest version of the Rhadamanthys Stealer malware.

Cybersecurity researchers Check Point Software, who dubbed the campaign CopyRh(ight)adamanthys, noted the crooks were casting a wide net, targeting as many companies as possible.

At the same time, they were also impersonating a large number of different organizations, but due to their high online presence, and frequent copyright-related issues, the majority (70%) were from the entertainment, media, and tech industries.

End of life

Despite Rhadamanthys being a powerful infostealer, this doesn’t seem to be a campaign orchestrated by a nation-state. Rather, the group behind the attack is most likely financially motivated. In its attack, the group uses dedicated Gmail accounts, sometimes targeting the same victim from multiple addresses. They also seem to be using AI capabilities efficiently, not just to create convincing phishing emails, but also to automate the attacks, as well.

The key of the campaign, Check Point Software argued, is to implement an updated version of Rhadamanthys. The author claims this version comes with advanced AI-driven features, a claim that was apparently refuted. The tool was proven to use older machine learning techniques, seen in optical character recognition (ORC) software.

“The attackers may be leveraging AI-enhanced automation tools to create phishing content and manage the high volume of Gmail accounts and diversified phishing needed for the campaign,” the researchers concluded.

The Rhadamanthys infostealer is a type of malware designed to steal sensitive information from infected systems, including login credentials, browser data, and cryptocurrency wallet details. It operates by capturing data from popular web browsers, email clients, and other applications where users may store credentials or personal information.

The tool can also log keys and record keystrokes, as alternative means of stealing passwords and other sensitive data. The malware is often distributed through phishing campaigns and malicious attachments.

You might also like

That Google Meet invite could be a fake, hiding some dangerous malwareHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now