Tags: Malware, Banking, Data Stealer, Cybercrime, Financial Fraud

Rhadamanthys

Rhadamanthys is a stealer-type malware and, as its name implies, is designed to extract data from infected machines. It is spread through malicious websites that mirror those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, which reduces immediate user suspicion. These sites were promoted through Google ads that appeared above the legitimate search results on the Google search engine.

Known Variants

Rhadamanthys is a modular infostealer whose modules are built for the theft of credentials and session data.

Mitigation Strategies

Protect sensitive data with endpoint protection tools, behavior-based detection systems, and browser security hardening. Regularly review network activity for unusual patterns that may indicate data exfiltration attempts.

Targeted Industries or Sectors

Targets financial services, e-commerce, and retail, focusing on stealing customer data and credentials.

Associated Threat Actors

Primarily linked to cybercriminals focused on monetizing stolen credentials through fraud or resale.
