Law enforcement has disrupted three malware strains that cybercriminals were using to infect and hijack Windows PCs in order to steal passwords.
Europol dismantled the servers powering the infostealing malware Rhadamanthys, the remote access Trojan VenomRAT, and Elysium, which focused on trapping PCs in a botnet.
“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials. Many of the victims were not aware of the infection of their systems,” Europol said.
Europol’s operation involved seizing or disrupting over 1,025 servers and taking control of more than 20 internet domains. In addition, investigators arrested the “main suspect” allegedly behind VenomRAT in Greece on Nov. 3.
Cybercriminals are reporting that they have lost access to Rhadamanthys, which was sold as a subscription-based malware service. It has been active for at least three years and typically spreads through fake sites impersonating official brands, as well as through other phishing campaigns. A state-sponsored hacking group from Russia also appears to have used Rhadamanthys.
Once installed, Rhadamanthys can capture screenshots of the victim's screen and steal browser data and cryptocurrency wallet information. Europol indicates that the main suspect behind Rhadamanthys “had access to over 100,000 crypto wallets” belonging to various victims, “potentially worth millions of Euros.”
VenomRAT operated in a similar fashion, spreading through fake websites, including some impersonating the cybersecurity vendor Bitdefender. If installed, the remote access Trojan could secretly steal passwords while creating a way to hijack the PC. Meanwhile, Elysium appears to be a newer malware strain focused on using infected PCs to create a botnet, a collection of computers that can be harnessed for DDoS attacks and other malicious activities.
Europol took down the malware operations with the help of law enforcement agencies across Europe and the US, as well as cybersecurity vendors such as Proofpoint, CrowdStrike, and Bitdefender.
Despite the crackdown, one cybersecurity researcher reports signs that Rhadamanthys remains active. Europol is nevertheless using the news to send a message to cybercriminals: following the server and domain seizures, the agency released a video taunting the operators of Rhadamanthys and teasing that both the malware’s director and its customers have been identified.
Europol urges victims to check if their computers have been infected. If so, politie.nl/checkyourhack and haveibeenpwned.com have more resources.
Reporting by Michael Kan, PCMag.