Scammers use false claims of copyright infringement to hack companies
- Researchers discover new phishing campaign spreading Rhadamanthys infostealer
- The crooks pose as entertainment, media and technology companies
- The campaign is automated and abuses Gmail
Scammers have been spotted sending out false copyright infringement claims as part of a new phishing campaign aimed at spreading the latest version of the Rhadamanthys Stealer malware.
Cybersecurity researchers Check Point Software, who dubbed the campaign CopyRh(ight)adamanthys, noted that the crooks cast a wide net and targeted as many companies as possible.
At the same time, they impersonated many different organizations, but the majority (70%) of the impersonated brands came from the entertainment, media and technology industries, which have a high online presence and frequently deal with copyright-related issues.
End of life
Despite Rhadamanthys being a powerful information stealer, this does not appear to be a campaign orchestrated by a nation state. On the contrary, the group behind the attack is most likely financially motivated. The attack uses dedicated Gmail accounts, sometimes targeting the same victim from multiple addresses. The attackers also appear to be using AI capabilities efficiently, not only to create convincing phishing emails but also to automate the attacks.
The key to the campaign, Check Point Software argued, is deploying an updated version of Rhadamanthys. The malware's author claims that this version comes with advanced AI-driven features, a claim that has apparently been refuted: the tool has been shown to rely on older machine learning techniques of the kind used in optical character recognition (OCR) software.
“The attackers may be using AI-enabled automation tools to create phishing content and manage the large number of Gmail accounts and diversified phishing required for the campaign,” the researchers concluded.
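The two campaign traits the researchers describe, copyright-themed lures and several distinct Gmail senders hitting the same recipient, give a mail-gateway team a simple thing to look for. The script below is an added illustration, not Check Point's code or any published detection for this campaign; the log records, field names and subject keywords are constructed assumptions, and the threshold of two senders is arbitrary.

```python
import re
from collections import defaultdict

# Constructed sample of mail-gateway records: (sender, recipient, subject).
# These are made-up addresses and subjects, not indicators from the campaign.
SAMPLE_MAIL = [
    ("legal.notice.8812@gmail.com", "press@example.org",
     "Copyright infringement notice - immediate action required"),
    ("dmca.team.media@gmail.com", "press@example.org",
     "DMCA takedown: unauthorized use of our content"),
    ("alice@partner.example", "press@example.org",
     "Re: copyright license renewal"),
    ("brand.protect.legal@gmail.com", "hr@example.org",
     "Copyright violation on your website"),
    ("newsletter@vendor.example", "hr@example.org",
     "Weekly update"),
    ("legal.notice.8812@gmail.com", "sales@example.org",
     "Your site infringes our copyright"),
]

# Assumed lure vocabulary; tune to the wording your own users actually receive.
COPYRIGHT_PATTERN = re.compile(r"copyright|infringement|infringes|dmca|takedown", re.I)


def sender_domain(address):
    """Return the lower-cased domain part of an e-mail address ('' if malformed)."""
    _, sep, domain = address.rpartition("@")
    return domain.lower() if sep else ""


def flag_multi_sender_lures(records, min_senders=2, domain="gmail.com"):
    """Find recipients that received copyright-themed mail from several
    distinct addresses at a webmail domain (default: gmail.com).

    Returns {recipient: sorted list of distinct sender addresses} for every
    recipient at or above the min_senders threshold.
    """
    senders_per_recipient = defaultdict(set)
    for sender, recipient, subject in records:
        if sender_domain(sender) != domain:
            continue                       # only free-webmail senders are of interest here
        if not COPYRIGHT_PATTERN.search(subject):
            continue                       # not a copyright-style lure
        senders_per_recipient[recipient.lower()].add(sender.lower())

    return {
        recipient: sorted(senders)
        for recipient, senders in senders_per_recipient.items()
        if len(senders) >= min_senders
    }


def senders_reused_across_recipients(records, domain="gmail.com"):
    """Map each webmail sender of a copyright lure to the recipients it hit,
    keeping only senders that targeted more than one recipient (a sign the
    same account is being reused across a wide net of targets)."""
    recipients_per_sender = defaultdict(set)
    for sender, recipient, subject in records:
        if sender_domain(sender) == domain and COPYRIGHT_PATTERN.search(subject):
            recipients_per_sender[sender.lower()].add(recipient.lower())
    return {s: sorted(r) for s, r in recipients_per_sender.items() if len(r) > 1}


if __name__ == "__main__":
    for recipient, senders in flag_multi_sender_lures(SAMPLE_MAIL).items():
        print(f"{recipient}: copyright lures from {len(senders)} distinct senders: {senders}")
    for sender, recipients in senders_reused_across_recipients(SAMPLE_MAIL).items():
        print(f"{sender}: reused against {recipients}")
```

Both checks are cheap enough to run over a day of gateway logs; the first surfaces a recipient who is being worked from several throwaway accounts, the second surfaces an account being reused against many recipients. Neither is a verdict on its own, but either is a reasonable trigger for pulling the attachments and links from those messages for sandbox analysis.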
The Rhadamanthys infostealer is a type of malware designed to steal sensitive information from infected systems, including login credentials, browser data, and cryptocurrency wallet details. It works by capturing data from popular web browsers, email clients, and other applications that allow users to store login credentials or personal information.
The tool can also log keystrokes as an alternative way to steal passwords and other sensitive data. The malware is often spread via phishing campaigns and malicious attachments.