Cybersecurity researchers at AhnLab have discovered a new version of an old malware known as Amadey Bot, which is spread through software cracks and keygens.
Many people around the world would rather download a cracked version of expensive software (e.g. Windows, the Adobe Suite or similar) from a torrent site and run a crack or keygen than buy a legitimate version that can cost a few hundred dollars.
These cracks and keygens often trigger false positives with antivirus solutions, making them an ideal vehicle for delivering malware, especially if the malware can act quickly enough before the victim re-enables the antivirus. That is exactly the case here: AhnLab discovered that cybercriminals were using keygens and cracks to distribute SmokeLoader, a malware dropper coded to infect the endpoint with Amadey Bot.
Steal information and load more malware
Amadey Bot is a four-year-old bot that can perform system reconnaissance, steal information from the target endpoint and drop additional payloads. When executed, the malware reportedly injects its "Main Bot" into the current explorer.exe process, hiding in plain sight from antivirus programs.
It also copies itself to the TEMP folder as bguuwe.exe and sets a scheduled task so that it persists on the system even after its process is terminated. Besides profiling the target system and stealing information, Amadey can drop other malware, including, as AhnLab found, RedLine (yuri.exe).
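The persistence step described above (a copy in the user's Temp folder kept alive by a scheduled task) is something a defender can hunt for in task-creation telemetry. The following is an added example, not code from the article or from AhnLab's report: a small Python detector that parses constructed scheduled-task creation records (loosely modelled on the fields of Windows Security event 4698, with a made-up pipe-delimited layout) and flags any task whose action runs an executable from a Temp directory. The record format, field names, host and user names, and the sample lines are all assumptions constructed for this example; only the file name bguuwe.exe comes from the article.

```python
"""
Added example: flag scheduled tasks whose action executes from a Temp folder.
Input format is an assumed, constructed pipe-delimited log line:
    <EventID>|TaskName=<name>|Author=<user>|Command=<exe>|Arguments=<args>
Real 4698 events are XML; adapt parse_event() to your log pipeline.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Matches a per-user Temp folder or the %TEMP% environment variable prefix.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|^%TEMP%\\", re.IGNORECASE)

TASK_CREATED_EVENT_ID = "4698"  # Windows Security: "A scheduled task was created"


@dataclass
class TaskEvent:
    event_id: str
    task_name: str
    author: str
    command: str  # executable the task action runs, quotes stripped


def parse_event(line: str) -> TaskEvent:
    """Parse one constructed log line into a TaskEvent."""
    event_id, _, rest = line.partition("|")
    fields = {}
    for part in rest.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return TaskEvent(
        event_id=event_id.strip(),
        task_name=fields.get("TaskName", ""),
        author=fields.get("Author", ""),
        command=fields.get("Command", "").strip().strip('"'),
    )


def is_temp_path(path: str) -> bool:
    """True if the executable path lives under a Temp directory."""
    return bool(TEMP_DIR_RE.search(path))


def detect_temp_persistence(lines: List[str]) -> List[Tuple[str, str]]:
    """
    Return (task_name, command) for every task-creation record whose
    action executes from a Temp folder. Only 4698 records are considered.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.event_id != TASK_CREATED_EVENT_ID:
            continue
        if is_temp_path(ev.command):
            hits.append((ev.task_name, ev.command))
    return hits


# Constructed sample records (hostnames, users and task names are invented).
SAMPLE_LOG_LINES = [
    r'4698|TaskName=\Microsoft\Windows\UpdateOrchestrator\Schedule Scan|Author=SYSTEM|Command=%systemroot%\system32\usoclient.exe|Arguments=StartScan',
    r'4698|TaskName=\bguuwe|Author=DESKTOP-1\alice|Command="C:\Users\alice\AppData\Local\Temp\bguuwe.exe"|Arguments=',
    r'4698|TaskName=\OneDrive Reporting|Author=DESKTOP-1\alice|Command=C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe|Arguments=',
    r'4698|TaskName=\Updater|Author=DESKTOP-1\bob|Command=%TEMP%\update.exe|Arguments=-k',
    r'4702|TaskName=\Updater|Author=DESKTOP-1\bob|Command=%TEMP%\update.exe|Arguments=-k',
]

if __name__ == "__main__":
    for name, cmd in detect_temp_persistence(SAMPLE_LOG_LINES):
        print(f"suspicious scheduled task {name!r} runs {cmd}")
```

The OneDrive record is there on purpose: it sits under AppData\Local but not under Temp, so the pattern does not fire on a common legitimate updater. Matching on the Temp directory rather than on the file name bguuwe.exe is the point, since the name can change between builds while the persistence technique stays the same; the last record (a 4702 task-update event) shows that the filter only looks at task creation and would need widening to catch modified tasks.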
RedLine is a popular and very powerful stealer that harvests browsers for saved passwords, autofill data, credit card information, and the like. The malware also performs a system inventory, collecting information such as the user name, location, hardware configuration, and the security software installed on the device. Newer versions can even steal cryptocurrency wallet information and target FTP and IM clients. It can upload and download files, execute commands, and communicate with its C2 server.
The moral of the story is simple: downloading cracked software just isn’t worth it, especially when there are free, cloud-based alternatives everywhere.
Via: BleepingComputer