
Malware dubbed ‘Rhadamanthys’ updated to exact more misery

BleepingComputer reports that the newest versions of the Rhadamanthys information-stealing malware, which initially targeted email, online banking, and FTP credentials upon its discovery in August 2022, have received significant improvements. According to a Check Point report, Rhadamanthys version 0.5.0 features a new plugin system enabling more customized capabilities, a Data Spy plugin that facilitates RDP login tracking and credential exfiltration, and stub construction and client execution enhancements. The developers also addressed vulnerabilities impacting the cryptocurrency wallet-targeting system and Discord token acquisition, and strengthened browser data theft capabilities. The new malware loader adds anti-analysis checks, an embedded configuration, and a next-stage XS1 module package, with XS1 found to feature five new modules for evasion purposes. Rhadamanthys version 0.5.1 brings further improvements, including a novel Clipper plugin and a Google Account cookie deletion feature, indicating the continuous development of the malware.
