Rhadamanthys
-
GitHub repositories used to deliver new PyStoreRAT JavaScript RAT
Researchers say GitHub-hosted Python repositories have been used to deliver a JavaScript-based RAT called PyStoreRAT that executes remote HTA payloads, deploys a Rhadamanthys stealer and includes persistence and evasion measures; Chinese vendor QiAnXin also reported a separate SetcodeRat campaign.
-
Researchers: ClickFix variants use fake Windows Update page and steganography to deliver infostealers
Researchers warn that ClickFix attack variants are using a full‑screen fake Windows Update page and steganography in PNG images to hide and deliver infostealer malware, with campaigns employing mshta, PowerShell, a .NET Stego Loader and in‑memory execution techniques.
-
International police action disrupts Rhadamanthys, VenomRAT and Elysium operations
Authorities in nine countries, coordinated by Europol and Eurojust, dismantled infrastructure for Rhadamanthys, VenomRAT and Elysium by taking down 1,025 servers, seizing 20 domains and arresting a suspect in Greece as part of Operation Endgame.
-
Researchers: network published more than 3,000 malicious YouTube videos to distribute malware
Security researchers say a network of compromised YouTube accounts published more than 3,000 videos since 2021 to promote links that lead to malware downloads; Check Point labelled the operation the YouTube Ghost Network and said Google removed most of the videos.
