Scammers target Russian bloggers: They steal their personal data in one clever way

Cybercriminals have begun stealing the personal data of Russian bloggers and administrators of popular channels in messengers. They send emails on behalf of well-known companies with a proposal for cooperation and contain a phishing link with technical specifications. This was reported by Kaspersky Lab.

Image source generated by the DALL•E 3 neural network

Attackers send out phishing emails with offers of cooperation, allegedly on behalf of well-known brands. If the victim is interested, they are asked to download the technical specifications and other materials from the website via the link. As a result, the Rhadamanthys stealer penetrates the device and steals data.

Kaspersky Lab

The cyberattack is carried out in several stages. First, the potential target receives a message that looks as if it was sent by an employee of a large Russian company. The victim is offered the opportunity to integrate advertising into the channel. To create the illusion of authenticity, attackers may request an up-to-date price list and statistics for the last 28 days.

If a potential client agrees to contact, they are invited to follow a link that allegedly leads to the official website of the company's partners. There, according to the sender, you can find the technical specifications, contract and promotional video for integration into the blogger's video. To access the materials, you need to enter a password.

However, the archive contains the Rhadamanthys program, which has been actively used by attackers since 2022. If the user installs it, the malicious code can steal confidential data, including accounts, from browsers and messengers on the infected device.

Earlier, Kaspersky Lab reported that there are several ways to detect surveillance through the camera on devices. One of them is to contact a specialist who will help find malicious software. You can also purchase and use a smartphone as an optical detector.