Rhadamanthys Stealer Adds Device Fingerprinting, PNG Steganography Payloads
Summary
Rhadamanthys Stealer, a popular information stealer, has been updated to include device and web browser fingerprinting capabilities. The malware now uses PNG steganography to conceal its payloads. The threat actor behind Rhadamanthys has also advertised two additional tools, Elysium Proxy Bot and Crypt Service, on their website. The stealer's current version is 0.9.2, and it is available under a malware-as-a-service (MaaS) model with tiered pricing packages. The threat actor has rebranded themselves as "RHAD security" and "Mythical Origin Labs," indicating a long-term business venture. The stealer's capabilities have evolved significantly, posing a comprehensive threat to personal and corporate security. The latest updates include enhanced obfuscation techniques, environment checks, and a Lua runner for additional plugins.
Timeline
- 03.10.2025 18:58 · 1 article
  Rhadamanthys Stealer Adds Device Fingerprinting and PNG Steganography
  Rhadamanthys Stealer version 0.9.2 has been updated to include device and web browser fingerprinting capabilities. The malware now uses PNG steganography to conceal its payloads. The threat actor behind Rhadamanthys has also advertised two additional tools, Elysium Proxy Bot and Crypt Service, on their website. The stealer's capabilities have evolved significantly, posing a comprehensive threat to personal and corporate security.
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
Information Snippets
- Rhadamanthys Stealer version 0.9.2 includes device and web browser fingerprinting capabilities.
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
- The stealer uses PNG steganography to conceal payloads.
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
- The threat actor behind Rhadamanthys has advertised two additional tools, Elysium Proxy Bot and Crypt Service.
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
- Rhadamanthys is available in three tiered packages, ranging from $299 per month for a self-hosted version to $499 per month with additional benefits.
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
- The threat actor has rebranded as "RHAD security" and "Mythical Origin Labs."
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
- The stealer includes a feature to avoid leaking unpacked artifacts by displaying an alert to the user.
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
- The stealer performs environment checks to ensure it is not running in a sandboxed environment.
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58
- The stealer uses a Lua runner for additional plugins to facilitate data theft and device fingerprinting.
  First reported: 03.10.2025 18:58 · 1 source, 1 article
  Sources:
  - Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads — thehackernews.com — 03.10.2025 18:58