Select Page

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned.

“Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon,” AhnLab Security Emergency Response Centre (ASEC) said in a new report published today.

Amadey, first discovered in 2018, is a “criminal-to-criminal (C2C) botnet infostealer project,” as described by the BlackBerry Research and Intelligence Team, and is offered for purchase on the criminal underground for as much as $600.

While its primary function is to harvest sensitive information from the infected hosts, it further doubles up as a channel to deliver next-stage artefacts. Earlier this July, it was spread using SmokeLoader, a malware with not-so-different features like itself.

Just last month, ASEC also found the malware distributed under the disguise of KakaoTalk, an instant messaging service popular in South Korea, as part of a phishing campaign.

images from Hacker News