Overview

Rhadamanthys Stealer is spread by a malvertising campaign across the internet: Google Ads redirect users to trojanized installers for many popular software packages (from the alert: Zoom, AnyDesk, BlueStacks, Notepad++, and Adobe Acrobat). It is a "stealer" type of malware, developed to exfiltrate targeted files, system information, browser cookies, history, autofill data and passwords, as well as data from 2FA applications and password managers, VPN clients, mail clients, and more. The malware uses AES 256-bit encryption to communicate with its command and control server. Indicators of Compromise (IOCs) are available in the sources below.


Sources

https://socprime.com/blog/rhadamanthys-malware-detection-new-infostealer-spread-via-google-ads-spam-emails-to-target-crypto-wallets-and-dump-sensitive-information/

https://www.pcrisk.com/removal-guides/25643-rhadamanthys-stealer

https://threatmon.io/rhadamanthys-stealer-analysis-threatmon