Robust Version of Amadey Infostealer & Malware Dropper Bypasses AVs


The first half of 2022 has felt relentless when it comes to cybersecurity: massive hacks, data breaches, digital scams, ransomware and malware attacks have continued at pace since the start of the year. With the Covid-19 pandemic, economic instability, geopolitical unrest, and bitter human rights disputes grinding on around the world, attackers have found the loopholes they need, and cybersecurity vulnerabilities and digital attacks have devastated every sphere of life.

Malware is one of the most pressing cybersecurity concerns on the rise. According to a threat report published by Sophos, 34% of organizations suffered security incidents involving malware in 2021. Dark Reading emphasizes the importance of cyber-proofing by highlighting the supercharged version of the Amadey infostealer and malware dropper, which is capable of bypassing antivirus products. The advanced, malicious, updated version of “Amadey Bot” is categorized as a trojan, and it has supported various attack groups and campaigns, including GandCrab ransomware, the FlawedAmmyy remote access Trojan (RAT) and the TA505 group. Cyber criminals can purchase Amadey on a dark web forum and then use it to perform various malicious tasks. When Amadey gets onto a system, it lodges itself in the TEMP folder, disguised as a startup folder. The trouble arises when the backups have also become infected: Amadey then becomes the instigator of the ransomware attack, and upon restoration the attack loop continues and encryption starts all over again.

Researchers at AhnLab discovered that the operators of the new Amadey variant have disguised SmokeLoader in software cracks and fake keys for commercial software, which people often use to try to activate pirated software. They further found that the Amadey malware is configured to bypass antivirus tools from 14 different vendors, including Avast, Avira, BitDefender, Kaspersky, Sophos, and Microsoft’s Windows Defender. Amadey also installs the RedLine information stealer and additional malware on the host system by receiving commands from the attacker. The remedy against Amadey’s obfuscation is to use artificial-intelligence-based agents trained for threat detection on millions of both safe and unsafe files. Instead of relying on a specific file signature, such automated security agents block Amadey based on countless file attributes and malicious behaviors, which gives them a predictive advantage over zero-day attacks.
