An elaborate copyright infringement scam using phishing lures is being deployed to target people and organisations across Europe, distributing the prolific Rhadamanthys infostealer malware.
This is a growing threat, cybersecurity experts have been saying, and we must be increasingly wary in order to secure sensitive information.
The attackers are using extremely well-crafted phishing emails, in some cases pretending to be the legal department of a real company. The emails fake threatening recipients for copyright infringement on social media or other websites and demand that content be removed immediately to prevent substantial legal repercussions such as hefty fines. The scare tactics are intended to put victims on the spot.
These malicious emails, crucially, include download links to archives hosted on popular services such as Dropbox, Discord or Mediafire, frequently obfuscated with newly registered domains. Once downloaded and launched, the Rhadamanthys infostealer discreetly enters the victim’s machine.
Rhadamanthys is a high quantity data stealing malware which is able to steal various sensitive data types. That goes for login details that are kept in web browsers, VPN clients, email clients, chat apps, and yes, even cryptocurrency wallets.
It’s also able to harvest system information, cookies, Browse history, autofill data and saved credit card details. The malware has a sophisticated anti-analysis mechanism, such as obfuscated codes and detection of virtual machine, challenging the detection and disinfection process.
The campaign has been seen attacking various European countries, especially in Central and Eastern Europe, and Israel. According to the experts, the opportunistic factors and the use of localized language in the phishing emails suggest the operation to be run by a financially motivated cybercrime group.
In order to defend against this developing threat, it is strongly recommended that users and organizations:
Beware unsolicited email: You should always be suspicious of e-mail, particularly those that say they are about copyright infringement or require immediate action on your part. Check the legitimacy of the sender independently via official sources and NOT by replying to the email or following any embedded links.
Be cautious with attachments and links: Do not open unsolicited attachments or click on links from unknown or untrusted sources.
Turn on Multi-Factor Authentication (MFA): Turn on MFA for all accounts, particularly for high-value services. If credentials are compromised, MFA can go a long way in limiting who can access information.
Use strong, unique passwords: Strong, unique passwords should be used for all online accounts, preferably using a trusted password manager.
Update software: Keep operating systems, browsers and all other software updated to address any known vulnerabilities that might be used by malware.
Use solid antivirus/anti-malware: Keep security software that’s got your back at all times.
Train employees: Companies should offer ongoing security awareness training to make their workforce more aware of, and response ready to, phishing attempts.
The increasing threats posed by infostealers, such as Rhadamanthys, highlights the importance of a cyber security program that is always on and able to secure digital assets at the first sign of an incident.
