This AI-powered malware has evolved to add image recognition

Laptop screen with red background and a warning sign in the middle

(Image credit: Pixabay)

Hackers can now steal people’s cryptocurrency wallet seed phrases, even when they are stored as an image file, experts have warned

When a user sets up a new crypto wallet, they get a “seed phrase” - a set of 12 or 24 random words, which can later be used to restore the wallet in a new app or device (in case of loss or theft). Crooks that happen to steal a seed phrase can manage the money found in the wallet however they like.

But when a person saves the seed phrase in an image file (for example, with a screenshot), it makes the criminals’ job that much harder.

A highly potent threat

Enter Rhadamanthys version 0.7.0, recently introduced and carrying new, important bells and whistles. Recorded Future's Insikt Group recently analyzed this new version and released an in-depth report, which states that the infostealer now comes with Artificial Intelligence (AI) capabilities, and allows for optical character recognition (OCR).

Together, these two tools are called "Seed Phrase Image Recognition" which, in the above context, is pretty self explanatory.

"This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in cryptocurrencies," Recorded Future's Insikt Group said in its analysis. "The malware can recognize seed phrase images on the client side and send them back to the command-and-control (C2) server for further exploitation."

Even before the new features, Rhadamanthys was a potent, and popular infostealer. It was first discovered back in 2022, and has since grown into one of the most formidable pieces of malware. Hackers can subscribe to the service, paying $250 a month for the infostealer (or $550 for 90 days).

The latest version was released in June 2024, and comes as a "complete rewrite of both client-side and server-side frameworks, improving the program's execution stability." Recorded Future concluded.

Via The Hacker News

More from TechRadar Pro

Healthcare organizations are having to pay millions to solve ransomware attacks
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.