Summary
Rhadamanthys, an infostealer, continues to be distributed through malvertising campaigns targeting business users. Threat actors are using decoy websites and impersonating well-known brands to trick users into downloading malware.
Highlights
- 📢 Rhadamanthys is distributed via malspam and malvertising.
- 📢 Google searches for popular software like Notion return malicious ads.
- 📢 Threat actors use decoy websites to deceive users into downloading malware.
- 📢 The initial payload is a dropper that retrieves Rhadamanthys via a URL.
- 📢 The TextBin paste site shows the URL was accessed 8.5K times.
- 📢 Threat actors continue to impersonate well-known brands via sponsored search results.