Hashtag
#Amadey
URLhaus - http://w2socks.xyz/uploads/5aba4745e080f54e.msi Malware distribution site: http://w2socks.xyz/uploads/5aba4745e080f54e.msi

The same malware is also being spread by #Amadey pay-per-install (PPI):
➡️ urlhaus.abuse.ch/url/3733103/


We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥

The malware gets dropped by #Amadey and:


Potential new stealer dropped by #Amadey 🤖🔍Who can name it? ⤵️

👉 hunting.abuse.ch/hunt/6919ec1...

Botnet C2 domains:
📡defender-temeerty .sbs
📡telemetry-defender .lol

Botnet C2 server:
🛑185.100.157.69:443 (Partner Hosting 🇬🇧)

Malware sample:
📄 bazaar.abuse.ch/sample/903cd...


Lumma Stealer Slowed by Doxxing Campaign The prolific threat actors behind the Lumma Stealer malware have been slowed by an underground doxxing campaign in recent months. Coordinated law enforcemen...

#Cyber #News #Firewall #Daily #Amadey #Bot […]

[Original post on thecyberexpress.com]


We encountered a new loader advertised as "Morpheus" in underground forums 🕵️, recently dropped by #Amadey ⬇️🪲. Morpheus' C2 protocol is based on HTTP and works with tasks, where each task consists of an ID and a command 📣

Botnet C2: sophos-upd-srv .info 🇳🇱


MaaS campaign uses Emmenhtal and Amadey to target Ukrainian entities via GitHub. Talos reveals tactics and IOCs for mitigation.

#Amadey #CiscoTalos #Emmenhtal #github #MaaS #SmokeLoader #ucraina
www.matricedigitale.it/2025/07/17/o...

StealC Malware Gets a Major Upgrade, Becomes More Dangerous

A harmful computer virus called StealC has recently been updated. It is now harder to detect and better at stealing personal data from users. This malware has been around for a few years, but its latest version makes it even more of a threat.

What is StealC?

StealC is a type of malicious software known as an "info-stealer." It is designed to sneak into your computer, steal personal data like saved passwords and cookies, and even help other harmful programs get inside. It became popular on hacker forums in 2023, with access sold for about $200 per month. In 2024, it was widely used in fake online ads. Some attacks locked devices into a mode where users could not do anything except follow the attacker's instructions. This showed how advanced and harmful StealC could be.

Later that year, it was discovered that the malware could get around new security features in Google Chrome. These protections were meant to stop attackers from stealing browser cookies, but StealC found a way to bypass them and steal old cookies to hijack Google accounts.

What's New in the 2025 Version

A fresh version of StealC was released to cybercriminals in March 2025. Since then, a few more updates have improved it even further. Experts who studied it found several key changes:

1. It can now install itself using different types of files, such as .exe programs, PowerShell commands, and software installers.
2. The new version uses strong encryption to hide its activity, making it harder for security tools to notice.
3. It now works better on modern computers and can delete itself after stealing data, leaving fewer traces behind.
4. Hackers can use built-in tools to adjust what kind of data StealC should look for.
5. It can even take screenshots of what's on your screen, even if you use more than one monitor.
6. Alerts can be sent directly to hackers through the Telegram messaging app.

However, some older features were removed. For example, it no longer checks for virtual machines or downloads certain file types. Experts think this may be temporary and those features could return in later updates.

How It's Being Spread

StealC is now being spread using other malware. One example is Amadey, which helps deliver StealC to victims' devices. Different attackers may use different methods depending on their goals.

How to Stay Protected

To avoid falling victim to malware like StealC:
• Avoid saving sensitive data like passwords in your browser.
• Turn on two-factor authentication for your accounts.
• Never download pirated software or apps from shady websites.

Cyberattacks are always evolving, so it's important to stay informed and cautious while online.

StealC Malware Gets a Major Upgrade, Becomes More Dangerous #2FA #Amadey #InfoStealer


Just discovered a staged dropper chain (Amadey + RedLine Stealer)
hiding inside iolo’s AV SDK folder.
Defender: "threat not fully removed".

Confirmed by Dr.Web LiveDisk. SSD removed.
Full writeup + screenshots coming.

Anyone else seen AVs protecting the malware itself?

#infosec #malware #amadey


Another day, another #Amadey 📅👀 This time dropping #SystemBC ⤵️

Amadey botnet C2:
📡cobolrationumelawrtewarms .com
📡107.189.27.66 (AS14956 ROUTERHOSTING 🇳🇱)

SystemBC payload:
📄bazaar.abuse.ch/sample/c13d59dc2e8ee1cbd...


We have observed #Amadey (ID: 092155) dropping #BumbleBee on an infected device, leveraging a new DGA seed 🔥

DGA domains:
🌐https://threatfox.abuse.ch/browse/tag/e5774fe6340da26c/

Malware sample:
📄bazaar.abuse.ch/sample/f39ac7d6c65d67bca...

The Amadey malware forces you to enter your Google credentials: here's how to escape this information theft. It has been roaming the Web since August and is called Amadey. But beware: it is malware that locks your browser in kiosk mode on the Google login page. It plays on your nerves and pushes you to enter your credentials so it can steal them.

🌍 #𝗖𝗬𝗕𝗘𝗥𝗩𝗘𝗜𝗟𝗟𝗘 🌍
The #Amadey malware forces you to enter your Google credentials: here's how to escape this information theft

buff.ly/47vPpnH
