A new cyber attack campaign is using AI and Gmail to target consumers and corporations. The campaign, called “CopyRh(ight)adamantys,” delivers a financially motivated payload using a sophisticated variant of the Rhadamanthys information stealer malware. The attackers use dedicated Gmail accounts to send phishing emails that appear to be from legitimate organizations.
These emails warn recipients of supposed copyright violations on platforms like Facebook. Sergey Shykevich, threat intelligence group manager at Check Point Software, said the campaign shows how cybercriminals are using AI for marketing and automation to enhance their reach and scale. He emphasized that security leaders need to prioritize automation and AI in their defense strategies to combat these global phishing campaigns.
A Google spokesperson said, “We are aware of this campaign, and others like it, which use copyright claims in phishing attempts. Our AI-based protections are highly effective in stopping these attacks, and we’ve recently added additional safeguards to harden our defenses even further.”
Organizations worldwide should be wary of fraudulent copyright infringement emails, which may be a tactic by cybercriminals to steal data. The Rhadamanthys infostealer malware is being distributed through a phishing campaign that began in July, targeting entities across multiple continents.
AI-assisted phishing exploits via Gmail
The emails falsely claim to report copyright violations related to content on the recipients’ business Facebook pages. They include attachments purported to contain content-removal instructions, which are actually password-protected ZIP archives containing the malware.
Several security firms, including Check Point, have tracked this campaign. Countries targeted include the US, Israel, South Korea, Peru, Thailand, Spain, Switzerland, and Poland. Rhadamanthys can scan victims’ machines for sensitive information, such as seed phrases for cryptocurrency wallets, in addition to credentials and passwords.
This suggests the attackers are financially motivated. Check Point indicates that these tactics suggest low-level criminals, rather than state-sponsored groups, are behind the attacks. The phishing campaign has impacted individuals and entities across various sectors, primarily entertainment, media, technology, and software.
Recommended practices for defending against these attacks include being cautious with unsolicited emails, verifying sender identities, using multi-factor authentication, educating employees, enabling anti-phishing and anti-malware tools, keeping software updated, and carefully reviewing URLs before clicking.
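As an added illustration (not code from Check Point, Google, or the original article), the Python sketch below triages a raw email for the three delivery traits described above: a Gmail sender address, a copyright-infringement lure, and a password-protected ZIP attachment. The function names, the lure term list, and the sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

LURE_TERMS = ("copyright", "infringement")  # assumed keywords, based on the lure described above

def encrypted_zip(data: bytes) -> bool:
    """True if any archive member has the ZIP 'encrypted' flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a readable ZIP, so nothing to flag here

def triage(raw: bytes) -> list[str]:
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.lower().endswith("@gmail.com"):
        hits.append("gmail_sender")
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if any(term in text for term in LURE_TERMS):
        hits.append("copyright_lure")
    for part in msg.iter_attachments():
        if encrypted_zip(part.get_payload(decode=True) or b""):
            hits.append("encrypted_zip")
            break
    return hits

def constructed_sample() -> bytes:
    """Constructed test message: a harmless ZIP with the encrypted flag patched on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.txt", "constructed placeholder")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x01  # flag byte in the central directory entry
    m = EmailMessage()
    m["From"] = "Example Media Legal <constructed.sender.example@gmail.com>"
    m["To"] = "pageadmin@example.com"
    m["Subject"] = "Copyright infringement on your Facebook page"
    m.set_content("See the attached removal instructions.")
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="instructions.zip")
    return m.as_bytes()
```

Each trait on its own is common in legitimate mail; the combination of all three is what warrants quarantine or analyst review.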