The Amadey Trojan as an Undercover Agent PDF
<blockquote data-quote="Brianwill" data-source="post: 721" data-attributes="member: 15"><p>A harmless PDF can take control of your data.</p><p></p><p>Cybersecurity experts from the 360 Threat Intelligence Center team have discovered a new campaign by the APT-C-36 group, known for its targeted phishing attacks. This time, cybercriminals decided to step up their attacks by introducing the Amadey Trojan into a campaign to distribute malicious PDF documents.</p><p></p><p>The Amadey Trojan first appeared on the market in October 2018 and is a modular botnet capable of bypassing the protection of internal networks, stealing information, remotely managing infected systems, performing DDoS attacks, and other actions.</p><p></p><p>The detected documents contain a malicious VBS script that is downloaded from cloud services and disguised as an encrypted compressed packet. Once activated, the script uses PowerShell to execute malicious code represented in Base64 encoding.</p><p></p><p>net_dll, a component often used by APT-C-36 for Reflective DLL Loading, and Amadey itself were detected as part of the loaded payloads. Attackers can use the Trojan to perform a wide range of actions, including data theft and Lateral Movement within the network.</p><p></p><p>During the attack, the Trojan is integrated into the system process, which allows it to operate unnoticed in the infected system. After gaining control, Amadey downloads additional malicious files, including components for collecting confidential information and executing malicious scripts.</p><p></p><p>Each step of the attack is coordinated with the Command and Control server (C2), which receives data about the infected computer from the Trojan. This communication allows APT-C-36 operators to monitor malware deployment and collect data.</p><p></p><p>It is important to note that the methods used in this attack are similar to those used by hackers in the past, which indicates their preference for proven approaches. 
However, the active introduction of new tools and improvements to existing tactics indicates that APT-C-36 continues to develop its capabilities.</p><p></p><p>Experts warn that the group's actions are not limited to one region, and their attacks affect users around the world. With the development of APT-C-36 tactics and tools, we can expect an increase in the number and complexity of targeted attacks, which requires increased attention to cybersecurity measures on the part of organizations and individuals.</p></blockquote><p></p>
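For defenders, the VBS-to-PowerShell step with a Base64 payload described in the post can be hunted in process-creation telemetry. The following is an added example, not part of the original post or of the 360 report: the event field names, host names and payloads are constructed for illustration, and the blobs decode to harmless commands.

```python
import base64
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # hosts that run .vbs files
POWERSHELL = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

def encoded_argument(cmdline):
    """Return the value given to -EncodedCommand (any prefix, or -ec), else None."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        if flag[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            return value
    return None

def decode_payload(blob):
    """-EncodedCommand carries Base64 of UTF-16LE text; None if it does not decode."""
    try:
        return base64.b64decode(blob.strip("\"'"), validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def triage(events):
    """Flag PowerShell launches carrying Base64; a script-host parent ranks higher."""
    findings = []
    for ev in events:
        blob = encoded_argument(ev["cmdline"])
        inline = "frombase64string" in ev["cmdline"].lower()
        if ntpath.basename(ev["image"]).lower() not in POWERSHELL or not (blob or inline):
            continue
        from_script = ntpath.basename(ev["parent"]).lower() in SCRIPT_HOSTS
        findings.append({"host": ev["host"], "severity": "high" if from_script else "medium",
                         "indicator": "EncodedCommand" if blob else "FromBase64String",
                         "decoded": decode_payload(blob) if blob else None})
    return findings

def make_blob(text):  # builds a constructed -EncodedCommand value
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [  # constructed events; field names are hypothetical
    {"host": "ws-01", "parent": r"C:\Windows\System32\wscript.exe", "image": PS,
     "cmdline": "powershell.exe -NoP -W Hidden -enc " + make_blob("Write-Output 'sample'")},
    {"host": "ws-02", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
    {"host": "ws-03", "parent": r"C:\Windows\System32\cscript.exe", "image": PS,
     "cmdline": "powershell.exe -Command [Convert]::FromBase64String($p)"},
    {"host": "ws-04", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": "powershell.exe -e " + make_blob("Get-Date")},
]
```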