The cybersecurity research team at Check Point Software has uncovered a new phishing campaign targeting businesses with fake copyright infringement claims. The attackers are using dedicated Gmail accounts to impersonate well-known companies in the entertainment, media, and tech industries. This campaign, named “CopyRh(ight)adamanthys” by the researchers, is distributing the latest version of the Rhadamanthys Stealer malware.
The majority of the targets (70%) come from sectors with high online visibility and frequent involvement in copyright-related issues. The Rhadamanthys Stealer is designed to capture sensitive information from infected systems. This includes login credentials, browser data, and cryptocurrency wallet details.
The malware can log keystrokes and steal passwords from popular web browsers and email clients. The attackers are leveraging AI-enhanced automation tools to manage the high volume of Gmail accounts and the varied phishing messages the campaign requires. This allows them to efficiently automate their phishing strategies, increasing the scale and effectiveness of their attacks.
Check Point finds new phishing scheme
Despite its sophisticated strategy, the campaign is believed to be financially motivated rather than state-sponsored. The researchers originally argued that this updated version of Rhadamanthys includes advanced AI-driven features.
However, it was later proven that the tool employs older machine learning techniques, like optical character recognition (OCR) software. Sergey Shykevich, the threat intelligence group manager at Check Point Software, emphasized the evolving nature of cyber threats and the crucial role AI now plays in these attacks. “The discovery of the CopyRh(ight)adamanthys campaign highlights how cybercriminals are using AI for marketing purposes and automation to enhance their reach and operational scale,” Shykevich said.
In light of these developments, businesses are advised to be vigilant about unexpected copyright infringement notifications. They should also adopt comprehensive cybersecurity measures to defend against such sophisticated threats. This includes advanced threat detection technologies, employee training, and robust incident response plans.
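The advice above about unexpected copyright notices can be expressed as a mail-triage check. The following Python is an added example, not code from Check Point or the original article: it flags messages that combine a Gmail sender, copyright-infringement wording and a claim to speak for a company. The keyword patterns, the three-signal rule and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the keyword patterns and the
# three-signal rule are illustrative heuristics to tune per mailbox.
FREE_MAIL = {"gmail.com"}  # the campaign described above sent from Gmail
LURE = re.compile(r"copyright\s+(infringement|violation)|infring(es|ing)\b", re.I)
CORP_CLAIM = re.compile(
    r"\b(legal|copyright|compliance)\s+(department|team|counsel)\b|on behalf of",
    re.I)

def plain_text(msg):
    """Concatenate the text/plain parts (assumes unencoded 7bit/8bit bodies)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def triage(raw):
    """Return the signals present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{plain_text(msg)}"
    signals = []
    if domain in FREE_MAIL:
        signals.append("free-mail sender")
    if LURE.search(text):
        signals.append("copyright lure")
    if CORP_CLAIM.search(f"{display}\n{text}"):
        signals.append("corporate claim")
    return signals

def is_suspicious(raw):
    """A company's legal notice sent from a free-mail address needs review."""
    return len(triage(raw)) == 3

# Constructed sample messages (not real campaign traffic).
BODY = "We write on behalf of ExampleMedia. Your page is infringing our content.\n"
SAMPLES = {
    "gmail_lure": "From: ExampleMedia Legal Department <examplemedia.notices@gmail.com>\n"
                  "Subject: Copyright infringement notice\n\n" + BODY,
    "corporate_domain": "From: ExampleMedia Legal Department <legal@examplemedia.example>\n"
                        "Subject: Copyright infringement notice\n\n" + BODY,
    "personal": "From: Alex <alex@gmail.com>\nSubject: Lunch Friday\n\n"
                "Are we still on for noon?\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, is_suspicious(raw), triage(raw))
```

A hit means the message should be routed for human review, not that it is malicious; a notice arriving from a company's own domain still needs verification through a separate channel.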
As cyber attackers continue to innovate, it is imperative for organizations to take a proactive stance in their cybersecurity measures. Continuous monitoring, employee education, and advanced security technologies are essential components in safeguarding against the ever-evolving landscape of cyber threats.