Sophisticated Phishing Campaign Targets Gmail Accounts with Rhadamanthys Stealer Malware

Sophisticated Phishing Campaign Targets Gmail Accounts with Rhadamanthys Stealer "Malware"

Ilustration 

A cybersecurity firm Check Point has detected a targeted attack on Gmail accounts, where attackers masquerade as legitimate companies. The scam involves sending emails that claim victims have committed copyright infringement on Facebook, tricking them into installing the Rhadamanthys Stealer malware.

Criminals use fake Gmail accounts to send emails that appear to come from well-known companies. These addresses and the email content are personalized for each target, alleging copyright violations. Most of the impersonated companies are from the entertainment and media industries, Check Point explains.

According to the cybersecurity company, several groups have been using this malware throughout the year, including attackers from Israel, Iran, and Albania. The latest wave of attacks specifically targeting Gmail users was detected in July. The fraudulent messages, often automated, accuse the recipient of using a company’s brand improperly on social media and demand the removal of specific images or videos.

Victims are instructed to follow steps that include downloading a file, which initiates the infection and installs the Rhadamanthys Stealer malware. This software is capable of extracting sensitive data from infected devices. Attacks have been identified in the US, Europe, and Asia, but Check Point believes the campaign has a global reach.