A phishing campaign is targeting European countries with lures themed around copyright infringement, researchers at Cybereason warn.
The phishing emails are designed to deliver the Rhadamanthys infostealer malware.
“These campaigns usually involve emails impersonating companies and their legal departments, falsely claiming recipients have violated copyright on social media or elsewhere and demanding content removal,” the researchers write.
“The emails sometimes contain malicious download links leading to archives hosted on services like Dropbox, Discord, or as in the current campaign – Mediafire through hosted redirects via newly registered domains.”
The campaign is opportunistically targeting entities across Europe as well as Israel, with a focus on Central and Eastern Europe.
“Since the beginning of April 2025, Cybereason has observed the same copyright infringement lures against the following European countries: Albania, Austria, Bulgaria, Germany, Greece, Hungary, Ireland, Israel, Italy, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and the UK; however, more countries may be targeted in subsequent campaign waves,” the researchers write.
Stealthy malware like Rhadamanthys is often used to gather information or gain access to assist in future attacks, usually involving ransomware or data-theft extortion.
“These campaigns leverage fear-based, extremely localized phishing emails with region-specific language to increase credibility and user engagement,” Cybereason says. “Threat actors make use of various methods to evade detection, including code obfuscation, shellcode encryption, hiding malicious code in resource files, and increasing file sizes.
Persistence mechanisms usually involve modifying Windows Registry Run keys. The use of similar phishing infrastructure and delivery mechanisms across campaigns distributing different malware families suggests shared tooling, a possible affiliate model, or coordinated activity among related threat groups.”
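As an added example (not code from Cybereason or from this post), the Python sketch below triages one email against the three delivery traits quoted above: a copyright lure, a redirect through a newly registered domain, and an archive on a file-hosting service. The keyword list, the 30-day age threshold, the host domain spellings and all sample data are assumptions; in practice the redirect chain and registration dates would come from URL detonation and WHOIS/RDAP lookups.

```python
from datetime import date
from urllib.parse import urlparse

# Assumed values for illustration; the report names the services, not these lists.
FILE_HOSTS = ("dropbox.com", "mediafire.com", "discordapp.com")
LURE_TERMS = ("copyright", "infringement", "legal department")  # English only; the lures are localized
ARCHIVE_EXTS = (".zip", ".rar", ".7z")

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def triage(body, redirect_chain, registered_on, today, max_age_days=30):
    """Return the set of campaign traits present in one email.

    redirect_chain: URLs in order, from the link in the email to the final landing URL.
    registered_on:  {registrable domain: creation date}, e.g. from WHOIS/RDAP.
    """
    signals = set()
    text = body.lower()
    if any(term in text for term in LURE_TERMS):
        signals.add("copyright_lure")
    for url in redirect_chain:
        for domain, created in registered_on.items():
            age = (today - created).days
            if _under(_host(url), domain) and 0 <= age <= max_age_days:
                signals.add("young_redirect_domain")
    if redirect_chain:
        final = urlparse(redirect_chain[-1])
        path = final.path.lower()
        on_file_host = any(_under((final.hostname or "").lower(), d) for d in FILE_HOSTS)
        if on_file_host and any(ext in path for ext in ARCHIVE_EXTS):
            signals.add("archive_on_file_host")
    return signals

# Constructed sample data (not indicators from the campaign).
TODAY = date(2025, 4, 10)
WHOIS = {"notice-portal.example": date(2025, 4, 2)}
LURE_BODY = "Our legal department found a copyright infringement on your page."
LURE_CHAIN = ["https://view.notice-portal.example/case/1",
              "https://www.mediafire.com/file/CONSTRUCTED/Evidence.zip/file"]
BENIGN_BODY = "Here is the quarterly report we discussed."
BENIGN_CHAIN = ["https://www.dropbox.com/s/CONSTRUCTED/report.pdf"]

if __name__ == "__main__":
    print(sorted(triage(LURE_BODY, LURE_CHAIN, WHOIS, TODAY)))
    print(sorted(triage(BENIGN_BODY, BENIGN_CHAIN, WHOIS, TODAY)))
```

Any single trait is common in legitimate mail, so a rule built this way should alert on the combination rather than on one signal.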
Cybereason has the story.