May 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on the distribution of Infostealer malware, including the distribution volume, methods, and disguises, based on the data collected and analyzed in May 2025. The following is a summary of the report. 1) Data Source and Collection Method AhnLab SEcurity intelligence
Kimsuky Group Uses AutoIt to Create Malware (RftRAT, Amadey)
Contents: Overview; Initial Access (2.1. Spear Phishing Attack; 2.2. LNK Malware); Remote Control Malware (3.1. XRat (Loader); 3.2. Amadey; 3.3. Latest Attack Cases: 3.3.1. AutoIt Amadey, 3.3.2. RftRAT); Post-infection (4.1. Keylogger; 4.2. Infostealer; 4.3. Other Types); Conclusion. 1. Overview The Kimsuky threat group, deemed to be supported by North Korea, has been active since
Nitol DDoS Malware Installing Amadey Bot
The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018, and besides stealing user credentials, it can also be used to install additional malware. Amadey is being
LockBit 3.0 Being Distributed via Amadey Bot
The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, malware first discovered in 2018, can steal information and install additional malware on commands received from the attacker. Like other malware strains, it is being sold in illegal
Amadey Bot Being Distributed Through SmokeLoader
Amadey Bot, malware first discovered in 2018, can steal information and install additional malware on commands received from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey

