Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines


The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned.

“Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon,” AhnLab Security Emergency Response Center (ASEC) said in a new report published today.

Amadey, first discovered in 2018, is a “criminal-to-criminal (C2C) botnet infostealer project,” as described by the BlackBerry Research and Intelligence Team, and is offered for purchase on the criminal underground for as much as $600.

While its primary function is to harvest sensitive information from infected hosts, it also doubles as a channel to deliver next-stage artifacts. Earlier this July, it was spread using SmokeLoader, a piece of malware with features not unlike its own.

Just last month, ASEC also found the malware distributed under the disguise of KakaoTalk, an instant messaging service popular in South Korea, as part of a phishing campaign.

The cybersecurity firm’s latest analysis is based on a Microsoft Word file (“심시아.docx”) that was uploaded to VirusTotal on October 28, 2022. The document contains a malicious VBA macro that, when enabled by the victim, runs a PowerShell command to download and run Amadey.

In an alternative attack chain, Amadey is disguised as a seemingly harmless file bearing a Word icon but is actually an executable (“Resume.exe”) that’s propagated via a phishing message. ASEC said it was not able to identify the email used as a lure.

Once Amadey has executed successfully, it fetches and launches additional commands from a remote server, which include the LockBit ransomware in either PowerShell (.ps1) or binary (.exe) format.
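Detection logic for the two delivery chains described above, run over process-creation events; this is an added example, not code from the ASEC report or the original article. The event field names, the directory and lure-name lists, and the sample events are assumptions constructed for illustration, and the first rule generalizes from Word and PowerShell to other Office applications and script hosts.

```python
import ntpath  # parses Windows paths on any OS

# Field names are assumptions modelled on process-creation telemetry
# (such as Sysmon Event ID 1); directory and lure lists are illustrative.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
USER_DROP_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\content.outlook\\")
LURE_STEMS = {"resume", "cv", "invoice"}  # hypothetical names; tune locally
DOC_SUFFIXES = (".doc", ".docx", ".pdf")


def classify(event):
    """Return the names of the rules a process-creation event matches."""
    image = event["image"].lower()
    name = ntpath.basename(image)
    parent = ntpath.basename(event["parent_image"]).lower()
    stem, ext = ntpath.splitext(name)
    hits = []
    # Chain 1: a macro in an Office document starts a script host.
    if parent in OFFICE_PARENTS and name in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    # Chain 2: the user opens an .exe with a document-style name from a
    # download or mail-attachment directory (the icon is not in the log).
    if (ext == ".exe" and parent == "explorer.exe"
            and any(d in image for d in USER_DROP_DIRS)
            and (stem in LURE_STEMS or stem.endswith(DOC_SUFFIXES))):
        hits.append("document_named_exe_from_user_dir")
    return hits


def scan(events):
    """Return (image, rules) pairs for events that match at least one rule."""
    results = [(e["image"], classify(e)) for e in events]
    return [(image, rules) for image, rules in results if rules]


# Constructed sample events, not taken from the ASEC report.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"parent_image": OFFICE,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\Resume.exe"},
    {"parent_image": r"C:\Windows\explorer.exe", "image": OFFICE},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\setup.exe"},
]

if __name__ == "__main__":
    for image, rules in scan(SAMPLE_EVENTS):
        print(image, rules)
```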

LockBit 3.0, also known as LockBit Black, launched in June 2022, alongside a new dark web portal and the very first bug bounty program for a ransomware operation, promising rewards of up to $1 million for finding bugs in its website and software.

“As LockBit ransomware is being distributed through various methods, user caution is advised,” the researchers concluded.

https://thehackernews.com/2022/11/amadey-bot-spotted-deploying-lockbit-30.html?
