Rhadamanthys, an infostealer, continues to be distributed through malvertising campaigns targeting business users. Threat actors are using decoy websites and impersonating well-known brands to trick users into downloading malware.


  • 📢 Rhadamanthys is distributed via malspam and malvertising.
  • 📢 Google searches for popular software like Notion return malicious ads.
  • 📢 Threat actors use decoy websites to deceive users into downloading malware.
  • 📢 The initial payload is a dropper that retrieves Rhadamanthys via a URL.
  • 📢 The TexBin paste site shows the URL was accessed 8.5K times.
  • 📢 Threat actors continue to impersonate well-known brands via sponsored search results.