New MaaS InfoStealer Malware Campaign Targeting Oil & Gas Sector
ID: 36232487-a974-54b7-bab5-1ba8d08988d8
STIX ID: report--36232487-a974-54b7-bab5-1ba8d08988d8
Feed Name: Cofense Blog
Cofense Intelligence reports an active, high-volume phishing campaign targeting the Oil and Gas sector that delivers the Rhadamanthys Stealer via open redirects and an interactive PDF hosted on a newly registered domain (docptypefinder.info). The chain redirects users through legitimate services to a GitHub-hosted ZIP containing the stealer executable; once run, the malware exfiltrates credentials, documents, and cryptocurrency wallets. The report notes a recent major update to the stealer (v5.0), discusses evasion techniques used to bypass secure email gateways, and provides IOCs for detection and response.
