
Rhadamanthys

According to PCrisk, Rhadamanthys is a stealer-type malware and, as its name implies, is designed to extract data from infected machines.

At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.

Linked Threat Actors

Sandworm

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

Jun 5, 2026
C2 Hosts: 1
Jun 3, 2026
C2 Hosts: 3

Further Reading

Stargazers Ghost Network - Check Point Research

Check Point Research identified a network of GitHub accounts (Stargazers Ghost Network) that distribute malware or malicious links via phishing repositories. The network consists of multiple accoun...

research.checkpoint.com
What We Think | Business & Technology Insights

Accenture thought leadership offers business and technology insights on key market forces & technologies to set your company on the path to value.

accenture.com
GHOSTPULSE haunts victims using defense evasion bag o' tricks — Elastic Security Labs

Elastic Security Labs reveals details of a new campaign leveraging defense evasion capabilities to infect victims with malicious MSIX executables.

elastic.co
Criminal infrastructure dismantled again in international ransomware operation

In Operation Endgame, key players who had a central role in international cybercrime were taken down this week: one of the largest infostealers, Rhadamanthys, a Remote Acc...

politie.nl
Botnet C&C | Botnet Threat Update January to June 2025 | Report
spamhaus.org
Botnet C&C | Botnet Threat Update July to December 2025 | Report
spamhaus.org
A Deep Dive into Water Gamayun's Arsenal and Infrastructure

Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management...

trendmicro.com
Tech Analysis of Rhadamanthys Obfuscation Techniques | Blog

Rhadamanthys is a malicious information stealer written in C++, which is being distributed mostly via malicious Google advertisements.

zscaler.com