the data thief hiding on Google

Stealers are viruses that get onto your PC to steal as much data as possible. They are not new, but one that appeared recently is extremely dangerous.

Like all stealer viruses, Rhadamanthys penetrates a computer system and steals everything: banking data, personal data, passwords. What is new is that Rhadamanthys also steals access to your cryptocurrency wallets, which hackers can then empty.

How does Rhadamanthys infiltrate?

Say you are a young YouTuber: you want to record your video games, but your YouTube channel doesn’t bring in enough income to buy paid software. No problem: after a quick Google search, you come across articles about OBS Studio. This freeware lets you record your screen, perfect for capturing your games. You type OBS Studio in the search bar and click on one of the first links. You install the software, but nothing happens… Finally, you click on another link, and the software installs and works. However, unbeknownst to you, the first install attempt didn’t fail; it just installed Rhadamanthys instead of OBS Studio.

Once there, it siphons off all of your data and, once its task is done, deletes itself. No trace of its passage: a perfect crime. The victim will only realize the theft when alerted by suspicious activity on their PayPal account or when they find that their crypto wallet is now empty. Until members of the industry such as SentinelOne sounded the alarm, Rhadamanthys hid in the first sponsored links Google showed for downloading OBS Studio, links that are in fact advertisements, as the word “Advertisement” displayed above them indicates. The virus now hides in other, still unknown links and surely also in infected cookies, as other stealers do.

A stealer as a service

Who is hiding behind Rhadamanthys? We don’t know yet, but what is certain is that its creators sell it on the darknet as a subscription. No need to develop your own stealer: just pay, and easy data theft is yours. It costs from $59 for one week of access to $999 for lifetime access.

An ad for Rhadamanthys from the darknet. © Screenshot

To understand where this stealer’s name comes from, start with the promotional logo of Rhadamanthys, which shows a dragon. The name is actually a reference to the manga Saint Seiya (the Knights of the Zodiac in French). One of the main enemies of the heroes of this manga is called Rhadamanthys, or Rhadamanthe depending on the version. His armor, as the name suggests, is in the shape of a wyvern (vouivre in French), a mythological dragon-like animal. The hackers behind this stealer are undoubtedly fans of the work of Masami Kurumada.