HomeSecurity ArchitectureCybercriminals Targeting Global Organizations with Fake Copyright Notices, Reports The Register

Cybercriminals Targeting Global Organizations with Fake Copyright Notices, Reports The Register

Published on

spot_img

Cybercriminals are constantly on the lookout for new ways to steal valuable data from organizations, and the latest tactic involves sending bogus copyright infringement emails as part of a phishing campaign. The Rhadamanthys infostealer malware is the tool of choice for these cybercriminals, with the latest version, Rhadamanthys 0.7, targeting organizations across multiple continents since July.

The phishing emails are designed to appear as though they are coming from media and technology companies, accusing the victims of copyright violations on their business Facebook pages. The email content includes threats of legal action and instructions for content removal, leading the victims to feel a sense of urgency and panic. The emails are sent from different Gmail accounts each time, adding to the sophistication of the scam.

When the victims extract the attachments from the email, they find a decoy PDF, an executable file, and a DLL containing the Rhadamanthys malware. Running the executable file triggers the deployment of the malware, which can then steal sensitive information from the victim’s computer. The use of AI capabilities for optical character recognition (OCR) in Rhadamanthys adds another layer of sophistication to the malware, allowing it to scan for specific files, including cryptocurrency wallet seed phrases.

Security researchers have noted that the AI capabilities used in Rhadamanthys are not as advanced as more recent models and are prone to errors. Despite this, the malware is still effective in stealing credentials, passwords, cookies, and other valuable data from victims. The phishing campaign has targeted organizations in countries such as the US, Israel, South Korea, and Spain, among others.

While previous suspicions pointed to state-sponsored actors behind the Rhadamanthys malware, Check Point Software suggests that lower-level criminals are the true operators due to the indiscriminate targeting and financially motivated tactics. Researchers at Cisco Talos and Recorded Future’s Insikt Group have published their analyses of the malware, highlighting the use of MSI files to execute malicious code and evade defense systems.

Defenders are advised to prioritize automation and AI in their defense strategies to counteract these phishing campaigns effectively. Technical details and indicators of compromise for detecting Rhadamanthys are available on the researchers’ blogs, providing essential information for organizations to protect themselves against this evolving threat. The use of sophisticated malware like Rhadamanthys serves as a reminder of the importance of staying vigilant and implementing robust cybersecurity measures to safeguard sensitive data from cybercriminals.

Source link

Latest articles

Business Leaders Transition to Tangible AI Outcomes, Reveals New TeamViewer Study – Source: www.darkreading.com

Business leaders across industries are increasingly turning to tangible Artificial Intelligence (AI) results to...

Meeting CISA’s Memory Safety Mandate: How OT Software Buyers and Manufacturers Can Play Their Part

CISA, the Cybersecurity and Infrastructure Security Agency, has been actively promoting the adoption of...

Major Colorado Healthcare Company Experiences Cyber Attack

Cybercrime has become a growing concern for many Coloradans in recent years, with the...

ESET APT Activity Report for Q2 2024–Q3 2024

ESET Research recently released their APT Activity Report for Q2 2024–Q3 2024, providing an...

More like this

Business Leaders Transition to Tangible AI Outcomes, Reveals New TeamViewer Study – Source: www.darkreading.com

Business leaders across industries are increasingly turning to tangible Artificial Intelligence (AI) results to...

Meeting CISA’s Memory Safety Mandate: How OT Software Buyers and Manufacturers Can Play Their Part

CISA, the Cybersecurity and Infrastructure Security Agency, has been actively promoting the adoption of...

Major Colorado Healthcare Company Experiences Cyber Attack

Cybercrime has become a growing concern for many Coloradans in recent years, with the...
en_USEnglish