Hackers can now steal seed phrases from people's cryptocurrency wallets, even when they are stored as an image file, experts have warned.
When a user sets up a new crypto wallet, they get a “seed phrase,” a set of 12 or 24 random words, which can then be used to restore the wallet to a new app or device (in case of loss or theft). Criminals who steal a seed phrase can manage the money in the wallet however they want.
But when a person saves the seed phrase to an image file (for example, with a screenshot), the criminals' job becomes much more difficult.
A very powerful threat
Enter Rhadamanthys version 0.7.0, a recently introduced release with important new features. Recorded Future's Insikt Group recently analyzed this new version and published an in-depth report, which claims that the information stealer now comes with artificial intelligence (AI) capabilities and enables optical character recognition (OCR).
Together, these two tools are called “Seed Phrase Image Recognition,” which, in the above context, is pretty self-explanatory.
“This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a very potent threat to anyone dealing in cryptocurrencies,” Recorded Future's Insikt Group said in its analysis. “The malware can recognize seed phrase images on the client side and send them back to the command and control (C2) server for further exploitation.”
Even before the new features, Rhadamanthys was a powerful and popular information stealer. It was first discovered in 2022 and has since become one of the most formidable pieces of malware. Hackers can subscribe to the service by paying $250 per month (or $550 for 90 days).
The latest version was released in June 2024 and comes as a “complete rewrite of the client-side and server-side frameworks, improving the runtime stability of the program,” Recorded Future concluded.
Via Hacker News