Scammers are using fake copyright infringement claims to hack businesses

Fraudsters are impersonating firms in the entertainment industry

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Scammers have been spotted sending out fake copyright infringement violation claims as part of a new phishing campaign aiming to spread the latest version of the Rhadamanthys Stealermalware.

Cybersecurity researchers Check Point Software, who dubbed the campaign CopyRh(ight)adamanthys, noted the crooks were casting a wide net, targeting as many companies as possible.

At the same time, they were also impersonating a large number of different organizations, but due to their high online presence, and frequent copyright-related issues, the majority (70%) were from the entertainment, media, and tech industries.

End of life

Despite Rhadamanthys being a powerful infostealer, this doesn’t seem to be a campaign orchestrated by a nation-state. Rather, the group behind the attack is most likely financially motivated. In its attack, the group uses dedicated Gmail accounts, sometimes targeting the same victim from multiple addresses. They also seem to be using AI capabilities efficiently, not just to create convincing phishing emails, but also to automate the attacks, as well.

The key of the campaign, Check Point Software argued, is to implement an updated version of Rhadamanthys. The author claims this version comes with advanced AI-driven features, a claim that was apparently refuted. The tool was proven to use older machine learning techniques, seen in optical character recognition (ORC) software.

“The attackers may be leveraging AI-enhanced automation tools to create phishing content and manage the high volume of Gmail accounts and diversified phishing needed for the campaign,” the researchers concluded.

The Rhadamanthys infostealer is a type of malware designed to steal sensitive information from infected systems, including login credentials, browser data, and cryptocurrency wallet details. It operates by capturing data from popular web browsers, email clients, and other applications where users may store credentials or personal information.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The tool can also log keys and record keystrokes, as alternative means of stealing passwords and other sensitive data. The malware is often distributed through phishing campaigns and malicious attachments.

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

HPE reveals critical security bug affecting networking access points

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

New Secretlab Skins Lite let you overhaul the look of your chair for under $100