Google Ads and spam emails are vectors for Rhadamanthys Stealer

January 26, 2023

The newly discovered Rhadamanthys Stealer is being distributed through Google Ads that lure potential targets to phishing websites impersonating popular software.

Based on reports, the new threat, which uses spam emails and Google Ads to infect servers, is offered by its developers under a malware-as-a-service (MaaS) model. The Rhadamanthys Stealer uses Google Ads to redirect targeted victims to phishing websites that spoof popular software such as Zoom, Bluestacks, Notepad++, and AnyDesk.

The stealer can also arrive through spam emails that contain an attachment for deploying malicious payloads.

The Rhadamanthys Stealer targets various entities within a targeted system.

According to investigations, the Rhadamanthys Stealer targets several apps, including cryptocurrency wallets, messaging applications, and web browsers.

Some targeted browsers include Edge, Chrome, Opera, Sleipnir5, Brave, CocCoc, and Moon. The stealer also scours a targeted system for crypto wallets such as Armory, Binance, Bitcoin, Bytecoin, Qtum-Electrum, Zap, Zcash, Zecwallet Lite, and Wallet Wasabi.

The stealer also targets enterprise apps like Foxmail, Outlook, Thunderbird, GmailNotifierPro, file managers, password managers, and FTP clients.

Furthermore, messaging applications such as Discord, Telegram, and Tox are also targeted by the Rhadamanthys Stealer. Lastly, VPN services like ProtonVPN, Windscribe VPN, OpenVPN, and NordVPN are also on the new stealer's hit list.

Researchers have recorded a surge of info stealers that abuse Google Ads features. A couple of weeks ago, the Vermux malware was discovered abusing the reach of Google Ads to spread its payloads.

The IcedID operators have also adopted new distribution techniques, abusing Google pay-per-click ads to spread their botnet through malvertising. Threat actors have, in short, recently been drawn to the features Google Ads offers.

Info stealers are becoming a serious threat as more of them appear out of nowhere and infect users. To make matters worse, spam emails and phishing websites have become complementary delivery tools for info stealers.

Users should be more cautious when dealing with advertisements and take care when downloading software from untrusted websites.
