A phishing campaign is targeting European countries with lures themed around copyright infringement, researchers at Cybereason warn.
The phishing emails are designed to deliver the Rhadamanthys infostealer malware.
“These campaigns often involve emails impersonating companies and their legal departments, falsely claiming recipients have violated copyright on social media or elsewhere and demanding content removal,” the researchers write.
“The emails typically contain malicious download links leading to archives hosted on services like Dropbox, Discord, or as in the current campaign - Mediafire through hosted redirects via newly registered domains.”
The campaign is opportunistically targeting entities across Europe as well as Israel, with a focus on Central and Eastern Europe.
“Since the beginning of April 2025, Cybereason has observed the same copyright infringement lures against the following European countries: Albania, Austria, Bulgaria, Germany, Greece, Hungary, Ireland, Israel, Italy, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and the United Kingdom; however, more countries may be targeted in subsequent campaign waves,” the researchers write.
Stealthy malware like Rhadamanthys is frequently used to gather information or gain access to assist in future attacks, often involving ransomware or data-theft extortion.
“These campaigns leverage fear-based, highly localized phishing emails with region-specific language to increase credibility and user engagement,” Cybereason says. “Threat actors employ various techniques to evade detection, including code obfuscation, shellcode encryption, hiding malicious code in resource data, and expanding file sizes.
Persistence mechanisms often involve modifying Windows Registry Run keys. The use of similar phishing infrastructure and delivery mechanisms across campaigns distributing different malware families suggests shared tooling, a possible affiliate model, or coordinated activity among related threat groups.”
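Because the lures are localized into many languages, keying on the delivery link is more robust than matching body text. The following triage sketch is an added example, not code from Cybereason or from this post: it flags mail whose links point at a newly registered domain or at one of the file-hosting services named above. The 30-day threshold, the hostnames mapped to each service, the `registered_on` enrichment table and the sample messages are all assumptions constructed for illustration.

```python
import re
from datetime import date
from urllib.parse import urlparse

# Hostnames assumed for the services named in the report (Dropbox, Discord, Mediafire).
FILE_HOSTS = {"dropbox.com", "discord.com", "discordapp.com", "mediafire.com"}
NEW_DOMAIN_DAYS = 30  # assumed threshold for "newly registered"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def registrable(host):
    # Naive: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(body, received, registered_on):
    """Return (verdict, reasons) for one message body.

    registered_on maps a domain to its creation date, as supplied by a
    WHOIS/RDAP enrichment step that is outside this example.
    """
    new_domain, file_host, reasons = False, False, []
    for url in URL_RE.findall(body):
        try:
            host = urlparse(url).hostname or ""
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        dom = registrable(host)
        created = registered_on.get(dom)
        if created and 0 <= (received - created).days <= NEW_DOMAIN_DAYS:
            new_domain = True
            reasons.append(f"newly registered domain: {dom}")
        if dom in FILE_HOSTS:
            file_host = True
            reasons.append(f"file-hosting link: {dom}")
    # A young redirect domain is the stronger signal; file hosts alone are common in benign mail.
    verdict = "quarantine" if new_domain else "review" if file_host else "pass"
    return verdict, reasons

# Constructed sample data (not taken from the campaign).
RECEIVED = date(2025, 4, 10)
REGISTERED = {"legal-claims.example": date(2025, 4, 2), "corp.example": date(2015, 6, 1)}
LURE = "Your page infringes our copyright. Evidence: https://notice.legal-claims.example/case/4471"
SHARE = "Shared folder: https://www.mediafire.com/file/abc123/report.zip"
BENIGN = "Policy update: https://intranet.corp.example/policy"

if __name__ == "__main__":
    for msg in (LURE, SHARE, BENIGN):
        print(triage(msg, RECEIVED, REGISTERED))
```

A "review" verdict only means the link targets a file-hosting service; on its own that is weak evidence and is best combined with sender and attachment signals.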
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Cybereason has the story.