Beware of Fake Copyright Claims that Deliver Rhadamanthys Stealer Malware

Cybercriminals have launched a large-scale phishing campaign, dubbed CopyRh(ight)adamantys, that delivers a new variant of the Rhadamanthys Stealer. It targets individuals and organizations worldwide with emails that falsely accuse them of copyright infringement.

Attackers impersonate legitimate companies from Gmail accounts, sending emails that trick victims into clicking malicious links and downloading the malware, which then steals sensitive information such as login credentials and financial data.

The operation, likely conducted by a financially motivated cybercrime group, highlights the increasing sophistication of phishing attacks and the importance of cybersecurity awareness.

Copyright campaign infection chain

Spear-phishing emails masquerading as legal notices from reputable companies falsely accuse recipients of copyright infringement and direct them to download a file that, upon execution, installs the Rhadamanthys stealer.
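The lure described above combines three observable traits: a company persona on a webmail sender address, copyright or legal-notice wording, and a link to a downloadable payload. The following triage heuristic is an added example (not code from the original post or from Check Point) that scores incoming messages on those traits; the BRANDS and FREE_MAIL tables and the SAMPLE message are assumptions constructed for illustration.

```python
"""Triage heuristics for copyright-lure phishing emails (added example).
Assumptions: BRANDS maps an impersonated brand to its legitimate sender domains,
FREE_MAIL lists webmail providers, and SAMPLE is a constructed message."""
import re
from email import message_from_string
from email.utils import parseaddr

BRANDS = {"check point": {"checkpoint.com"}}           # assumption
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}   # assumption
LURE = re.compile(r"copyright|infringement|legal notice|dmca", re.I)
DOWNLOAD = re.compile(r"https?://\S+\.(zip|rar|7z|exe|iso|scr)\b", re.I)

def _body_text(msg) -> str:
    """Collect the text/plain parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def score_message(raw: str) -> dict:
    """Score one RFC 5322 message; a total of 5 or more is flagged as phishing."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + _body_text(msg)
    hits = []
    for brand, legit in BRANDS.items():        # display name claims a brand, sender does not
        if brand in display.lower() and domain not in legit:
            hits.append((3, f"display name claims {brand!r} but sender is {domain}"))
    if domain in FREE_MAIL and display:        # company persona on a webmail account
        hits.append((1, "free-mail sender using a display name"))
    if LURE.search(text):                      # copyright / legal-notice theme
        hits.append((2, "copyright or legal-notice lure wording"))
    if DOWNLOAD.search(text):                  # link that fetches the payload
        hits.append((2, "link to an archive or executable download"))
    score = sum(w for w, _ in hits)
    return {"score": score, "reasons": [r for _, r in hits], "phishing": score >= 5}

SAMPLE = """From: "Check Point Legal Department" <copyright.claims@gmail.com>
To: victim@example.com
Subject: Copyright Infringement Notice - Immediate Action Required
Content-Type: text/plain; charset=utf-8

Unauthorized use of our client's images was found on your website.
Download the full legal notice here: https://files.example.net/notice.zip
"""
```

The weights are deliberately coarse; in a mail gateway the same signals would feed a broader classifier alongside SPF/DKIM/DMARC results and URL reputation.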


This sophisticated malware can steal sensitive information from compromised systems, resulting in significant data breaches and financial losses.

Although the stealer is falsely advertised as using modern artificial intelligence, it actually relies on older machine-learning techniques for optical character recognition (OCR).

The attackers leverage AI-powered tools to automate phishing campaigns, generate targeted emails, and create numerous Gmail accounts, which allows for large-scale attacks. However, occasional inaccuracies in language localization highlight the limitations of the AI tools used.

Phishing email written in Korean mistakenly sent to a target in Israel.

Cybersecurity researchers at Check Point discovered a widespread phishing campaign, dubbed Rhadamanthys, targeting various industries, particularly entertainment, media, technology, and software.

The attackers impersonated legitimate companies, including Check Point itself, and sent a large number of targeted phishing emails to individuals and organizations worldwide.

This highlights the increasing sophistication of cyber threats and the need for robust cybersecurity measures to protect against such attacks.

The phishing email purports to be from Check Point.

Analysis suggests that the CopyRh(ight)adamantys campaign, previously attributed to nation-state threat actors, is more likely the work of a cybercrime group. This assessment rests on the campaign's broad targeting of many kinds of organizations, its use of readily available malware from underground forums, and the absence of the selective targeting characteristic of state-sponsored attacks.

Recent large-scale phishing campaigns use the theme of copyright infringement to distribute the Rhadamanthys info stealer, exploiting the credibility of that theme to deceive victims.

The sophisticated methods used in these attacks highlight the increasing complexity of phishing threats.

Implementing comprehensive inline protection against malicious emails is crucial for businesses to safeguard against such attacks and maintain operational security.


The post Beware of Fake Copyright Claims that Deliver Rhadamanthys Stealer Malware appeared first on Cyber Security News.