Gone Phishing
ID: 32dbf639-cd21-5d27-948f-5f3eb61bab50
STIX ID: report--32dbf639-cd21-5d27-948f-5f3eb61bab50
Feed Name: IntelInsights (Substack)
Threat researchers report active Rhadamanthys infostealer activity leveraging phishing (malicious PDFs and password-protected ZIPs with LNK→PowerShell→in-memory payload) and highlight the malware’s evolving capabilities (v0.7.0 with AI OCR to extract crypto wallet seed phrases). Using Censys pivots across HTTP banners, TLS certificate hash, JARM fingerprinting, OpenSSH 8.0, and Windows Server 2012 indicators, the report enumerates additional related infrastructure and publishes multiple IP addresses as potential IOCs.
