Scammers are using fake copyright infringement claims to hack businesses
Fraudsters are impersonating firms in the entertainment industry
- Researchers spot new phishing campaign distributing Rhadamanthys infostealer
- The crooks are impersonating entertainment, media, and tech firms
- The campaign is automated and abuses Gmail
Scammers have been spotted sending out fake copyright infringement violation claims as part of a new phishing campaign aiming to spread the latest version of the Rhadamanthys Stealer malware.
Cybersecurity researchers Check Point Software, who dubbed the campaign CopyRh(ight)adamanthys, noted the crooks were casting a wide net, targeting as many companies as possible.
At the same time, they were also impersonating a large number of different organizations, but due to their high online presence, and frequent copyright-related issues, the majority (70%) were from the entertainment, media, and tech industries.
End of life
Despite Rhadamanthys being a powerful infostealer, this doesn’t seem to be a campaign orchestrated by a nation-state. Rather, the group behind the attack is most likely financially motivated. In its attack, the group uses dedicated Gmail accounts, sometimes targeting the same victim from multiple addresses. They also seem to be using AI capabilities efficiently, not just to create convincing phishing emails, but also to automate the attacks, as well.
The key of the campaign, Check Point Software argued, is to implement an updated version of Rhadamanthys. The author claims this version comes with advanced AI-driven features, a claim that was apparently refuted. The tool was proven to use older machine learning techniques, seen in optical character recognition (ORC) software.
“The attackers may be leveraging AI-enhanced automation tools to create phishing content and manage the high volume of Gmail accounts and diversified phishing needed for the campaign,” the researchers concluded.
The Rhadamanthys infostealer is a type of malware designed to steal sensitive information from infected systems, including login credentials, browser data, and cryptocurrency wallet details. It operates by capturing data from popular web browsers, email clients, and other applications where users may store credentials or personal information.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The tool can also log keys and record keystrokes, as alternative means of stealing passwords and other sensitive data. The malware is often distributed through phishing campaigns and malicious attachments.
You might also like
- That Google Meet invite could be a fake, hiding some dangerous malware
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.