Rhadamanthys
According to PCrisk, Rhadamanthys is a stealer-type malware and, as its name implies, it is designed to extract data from infected machines.
At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Linked Threat Actors
Last 7 days
| Date | C2 Hosts |
|---|---|
| Mar 1, 2026 | 1 |
| Feb 28, 2026 | 1 |
Further Reading
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management...
Rhadamanthys is a malicious information stealer written in C++, which is being distributed mostly via malicious Google advertisements.