Amadey Loader

Malware updated 2 months ago (2024-09-18T16:17:43.438Z)

Download STIX

Preview STIX

Amadey Loader is a notorious malware that has been identified as a significant threat to computer systems. This malicious software, designed to exploit and damage your computer or device, can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The malware is distributed via the Amadey loader, which can be spread through phishing emails or downloads from compromised sites. Evidence has surfaced implicating an entity known as Eminem in carrying out cyber attacks using not only Remcos and GuLoader but also well-known malware such as Formbook and Amadey Loader. Despite claims by developers that Remcos and GuLoader are legitimate software, two truly malicious payloads were found within this folder, identified as Amadey Loader and the corresponding GuLoader shellcodes that load and decrypt these payloads. Proof of Eminem’s involvement in the distribution of malware, including the notorious Formbook info stealer and Amadey Loader, has been uncovered. In addition, Proofpoint observed at least five types of malware being delivered in this way, including the Lumma stealer, Amadey Loader, and JaskaGo. These findings present a comprehensive case for the involvement of Eminem in distributing these harmful programs. As a result, users should exercise caution when downloading files, opening emails, or visiting websites to avoid falling victim to such malicious software.

Description last updated: 2024-09-18T16:16:17.476Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Amadey is a possible alias for Amadey Loader. Amadey is a malicious software (malware) that has been known since 2018 and is notorious for stealing credentials from popular browsers and various Virtual Network Computing (VNC) systems. The malware, which is often sold in underground forums, uses sophisticated techniques to infect systems, includ	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Amadey Loader Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 months ago	Credential Flusher, understanding the threat and how to protect your login data
DARKReading	5 months ago	Cut & Paste Tactics Import Malware to Unwitting Victims
Checkpoint	a year ago	Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos - Check Point Research