Hackers can now steal people’s cryptocurrency wallet seed phrases, even when they are stored as an image file, experts have warned

When a user sets up a new crypto wallet, they get a “seed phrase” - a set of 12 or 24 random words, which can later be used to restore the wallet in a new app or device (in case of loss or theft). Crooks that happen to steal a seed phrase can manage the money found in the wallet however they like.

But when a person saves the seed phrase in an image file (for example, with a screenshot), it makes the criminals’ job that much harder.

A highly potent threat

Enter Rhadamanthys version 0.7.0, recently introduced and carrying new, important bells and whistles. Recorded Future's Insikt Group recently analyzed this new version and released an in-depth report, which states that the infostealer now comes with Artificial Intelligence (AI) capabilities, and allows for optical character recognition (OCR).

Together, these two tools are called "Seed Phrase Image Recognition" which, in the above context, is pretty self explanatory.

"This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in cryptocurrencies," Recorded Future's Insikt Group said in its analysis. "The malware can recognize seed phrase images on the client side and send them back to the command-and-control (C2) server for further exploitation."

Even before the new features, Rhadamanthys was a potent, and popular infostealer. It was first discovered back in 2022, and has since grown into one of the most formidable pieces of malware. Hackers can subscribe to the service, paying $250 a month for the infostealer (or $550 for 90 days).

The latest version was released in June 2024, and comes as a "complete rewrite of both client-side and server-side frameworks, improving the program's execution stability." Recorded Future concluded.

Via The Hacker News

More from TechRadar Pro