Hackers can now steal people’s cryptocurrency wallet seed phrases even if they’re saved as an image file, experts warn
When a user sets up a new crypto wallet, he or she is given a ‘seedphrase’ – a string of 12 or 24 random words, which can later be used to restore the wallet in a new app or device (in case of loss or theft). Scammers who happen to steal a seed phrase can manage the money in the wallet as they please.
But when someone saves the seed phrase in an image file (for example with a screenshot), the criminals’ job becomes much more difficult.
A very powerful threat
Enter Rhadamanthys version 0.7.0, recently introduced and with new, important bells and whistles. Recorded Future’s Insikt Group recently analyzed this new version and released an in-depth report stating that the infostealer now comes with artificial intelligence (AI) capabilities and enables optical character recognition (OCR).
Together, these two tools are called “Seed Phrase Image Recognition,” which is pretty self-explanatory in the context above.
“This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a very powerful threat to anyone trading cryptocurrencies,” Recorded Future’s Insikt Group said in its analysis. “The malware can recognize client-side seed phrase images and send them back to the command-and-control (C2) server for further exploitation.”
Even before the new features, Rhadamanthys was a powerful and popular infostealer. It was first discovered in 2022 and has since become one of the most formidable pieces of malware. Hackers can subscribe to the service and pay $250 per month for the infostealer (or $550 for 90 days).
The latest version was released in June 2024 and comes as a “complete rewrite of both client- and server-side frameworks, improving the program’s execution stability.” Recorded future completed.
Via The hacker news