Security News > 2022 > July > Amadey malware pushed via software cracks in SmokeLoader campaign
A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures.
Amadey Bot is a malware strain discovered four years ago, capable of performing system reconnaissance, stealing information, and loading additional payloads.
Once Amadey is fetched and executed, it copies itself to a TEMP folder under the name 'bguuwe.
In its latest version, number 3.21, Amadey can discover 14 antivirus products and, presumably based on the results, fetch payloads that can evade those in use.
Amadey uses a program named 'FXSUNATD.exe' for this purpose and performs elevation to admin via DLL hijacking.
To stay clear from the danger of Amadey Bot and RedLine, avoid downloading cracked files, software product activators, or illegitimate key generators that promise free access to premium products.