New crypto stealer: Rhadamanthys Stealer malware

pawanjain

hero member

Activity: 2674

Merit: 713

Nothing lasts forever

Quote from: TravelMug on December 21, 2023, 01:14:20 AM

This Stealer malware has improved throughout the years and now it's getting more dangerous than ever, from banking trojan to crypto stealing wallet.

Quote

Highlights

- The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0.
- In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions.
- A new plugin system makes the malware expandable for specific distributor needs.
- The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution).

And it has evolved to target more crypto related wallets:

And as per usual the methods to spread this is thru torrents, warez, malvertizing, Youtube videos and other channels.

So as much as possible stay away from those sites, do not download any fake softwares. Everyone should be very careful more than ever as criminals are very much into our space right now and we don't want to be the next victim here.

https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/

Good to see that Mycelium is not on the list but the list is huge and many other popular names are included in the list which is quite concerning.
It's good that you have shared the list because many people download these wallets like Electrum, Atomic wallet, Exodus etc...
Fake softwares are all over the internet and this is reason why it is always recommended to download softwares from official websites only.

Doan9269

hero member

Activity: 812

Merit: 560

Quote from: TravelMug on December 21, 2023, 01:14:20 AM

So as much as possible stay away from those sites, do not download any fake softwares. Everyone should be very careful more than ever as criminals are very much into our space right now and we don't want to be the next victim here.

This is as important as nit reading alone the thread but acting as according to how it has been advised to do, I don't know why some like to make downloads like something else, doing that indescriminately will be a cheaper way of getting involved into this kind of attack because the attackers already knows that people like downloading and are not being careful of which site they are making such from, the funny aspect is that we may not have to know the intention of any website that they are trying to tricks us by introducing malwares until we already becomes their prey.

Dave1

hero member

Activity: 1302

Merit: 522

Quote from: Yamane_Keto on December 21, 2023, 04:25:43 AM

I feel that this news and the names of viruses come from the developers of antivirus systems, as they work as an indirect promotion for these services. In the end, there are many names and, most importantly, access permissions. This virus cannot access the seeds, and the best thing it collects about you is your personal data for the purposes of social attacks or copies of your Clipboard.

there is nothing new here, and the advice is as it is: do not click on random links and do not download applications that have not been reviewed by thousands of developers.

It's not new but you have to think why are there so many malwares now that targeted crypto wallets? Because of the money involved, yes, do not click random links, but I'm sure many of us here still fall for that as sometimes we might experience that slip and that is the only way that this criminals can get to us.

And yes this malwares development are getting bolder and so for crypto enthusiast we really need to be very vigilant and careful. It's better to have separate everything so that in case of infection, or crypto wallets are not going to be compromise.

ImThour

copper member

Activity: 1386

Merit: 1481

Bitcoin Bottom was at $15.4k

I mean if you are keeping your Crypto on the same system that you are using to browse internet, download files, watch other stuff, you are doing it wrong.
I would advise you to spend $300 or something, make a very basic system configuration PC and use that offline to store your Crypto and only go Online to sync your wallet.

Yamane_Keto

sr. member

Activity: 406

Merit: 443

Quote from: Mate2237 on December 21, 2023, 07:56:26 AM

Quote from: Yamane_Keto on December 21, 2023, 04:25:43 AM

I feel that this news and the names of viruses come from the developers of antivirus systems, as they work as an indirect promotion for these services.

Exactly. Those antivirus software companies are the same companies that development the same malwares. In years back a friend mine who is into computer science told me that antivirus software creators are the one who create virus as well so that they can sell their market. And this malware to steal currency in online is not a new development but it is an old news.

They may not necessarily be the developers of these viruses, but their spread is an increase in their profits. They may even invent a new name and launch propaganda around it to convince people to buy the new update, and so on. Although these programs are useful, they depend on how careful the user is, if he downloaded them and was not careful and wanted to download random software, he will inevitably be hacked.

I would rather use open source software, avoid downloading or clicking on any unknown links, than spend $200 on an antivirus and do whatever I want with my computer.

Mate2237

hero member

Activity: 700

Merit: 577

Eloncoin.org - Mars, here we come!

Quote from: Yamane_Keto on December 21, 2023, 04:25:43 AM

I feel that this news and the names of viruses come from the developers of antivirus systems, as they work as an indirect promotion for these services.

Exactly. Those antivirus software companies are the same companies that development the same malwares. In years back a friend mine who is into computer science told me that antivirus software creators are the one who create virus as well so that they can sell their market. And this malware to steal currency in online is not a new development but it is an old news. This has been in the banking system of industry for years. Many banks have been in victims in the matter and because of that Banks have also increased their security very right now so the attack on banks have reduced.

And now that they have channeled their stealing malwares to cryptocurrency, which is an individual control system, we should be careful with the kind of link we click in the net and from our emails. In most times they normally send those links to our emails with nice messages and for us to clink and if you mistakenly clicked it then yours is gone. One of the best way to avoid hacking, avoid clicking of links.

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

Do you remember recently someone creating a post about how their Windows Defender was letting viruses through? Many seemed to doubt it, but here is an example of malware when the developer directly announces the ability of his software to bypass Windows Defender. The description of the updates is quite serious, so much so that the stealer can steal cookies from the browser, spoof sessions, and also integrate remote control of the computer, after which, as we understand, the computer ceases to have only one owner.
I don't know if the stealer is capable of penetrating sandboxes, but it is obvious that one of the steps to counteract this software would be to regularly delete all cookies and browser cache.
But this only applies to the browser itself. To limit the penetration of software into the system itself, it is really necessary to monitor the behavior of the computer; for example, long loading times and the obvious freezing of tasks should raise suspicion that not everything is in order in the system.
The option to install Linux systems also works, although in inept hands there will still be holes for viruses.

Yamane_Keto

sr. member

Activity: 406

Merit: 443

I feel that this news and the names of viruses come from the developers of antivirus systems, as they work as an indirect promotion for these services. In the end, there are many names and, most importantly, access permissions. This virus cannot access the seeds, and the best thing it collects about you is your personal data for the purposes of social attacks or copies of your Clipboard.

there is nothing new here, and the advice is as it is: do not click on random links and do not download applications that have not been reviewed by thousands of developers.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: Churchillvv on December 21, 2023, 03:47:34 AM

In recent times I have been seeing news on this crypto attack malwares and how there are improving the more we update our security measures the higher they increase in viruses to attack but phones to still information.

You may have just been seen malware news recently, but malware news is something common.

Quote from: Churchillvv on December 21, 2023, 03:47:34 AM

My major concern is the fact that it can be in operation without our notice even with some anti malware, so avoiding it now seems to be difficult because it all over the place already from every site you visit regularly like YouTube most time normal videos are link to YouTube.

I am not certain of the ads on YouTube. Just do not click on the ads. Or you can go for the premium version which has no ads and have more benefits. I prefer the later.

Churchillvv

member

Activity: 66

Merit: 5

Eloncoin.org - Mars, here we come!

In recent times I have been seeing news on this crypto attack malwares and how there are improving the more we update our security measures the higher they increase in viruses to attack but phones to still information.

This is more reason why multisig wallets and cold wallets are mentioned by Charles Tim.

My major concern is the fact that it can be in operation without our notice even with some anti malware, so avoiding it now seems to be difficult because it all over the place already from every site you visit regularly like YouTube most time normal videos are link to YouTube.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: TravelMug on December 21, 2023, 01:14:20 AM

So as much as possible stay away from those sites, do not download any fake softwares. Everyone should be very careful more than ever as criminals are very much into our space right now and we don't want to be the next victim here.

We are in the time that we should have like 2 phones and a laptop. One phone for just something like mobile wallet, banking apps and things like that, but not about just browsing any site. The other phone for browsing much more but still to be careful of malware, avoidimg malware download. The laptops for not browsing much. I mean not to browse just any site than known URLs. To avoid malware is simple but most people that have been affected are not doing things that can make them avoid malware. It would have been late before they will realize that. Even with one device, malware can still be avoided.

But for high amount of coins, it is better to use a cold wallet like Electrum or Sparrow on airgapped device, or to go for a multisig wallet with a proper seed phrase backup.

TravelMug

hero member

Activity: 2632

Merit: 833

This Stealer malware has improved throughout the years and now it's getting more dangerous than ever, from banking trojan to crypto stealing wallet.

Quote

Highlights

- The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0.
- In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions.
- A new plugin system makes the malware expandable for specific distributor needs.
- The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution).

And it has evolved to target more crypto related wallets:

And as per usual the methods to spread this is thru torrents, warez, malvertizing, Youtube videos and other channels.

So as much as possible stay away from those sites, do not download any fake softwares. Everyone should be very careful more than ever as criminals are very much into our space right now and we don't want to be the next victim here.

https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/

Topic: New crypto stealer: Rhadamanthys Stealer malware (Read 104 times)