Threat actors have been leveraging the Amadey bot malware to spread LockBit 3.0 ransomware, according to The Hacker News.
Malicious Microsoft Word files and an executable disguised with a Word file icon are being used to distribute Amadey bot, a criminal-to-criminal info-stealer initially discovered in 2018, a report from AhnLab Security Emergency Response Center revealed. Researchers found that the Word file used to distribute Amadey contains a malicious VBA macro that triggers the execution of a PowerShell command. Meanwhile, phishing messages have been used to spread the Resume.exe executable, which poses as a file with the Word icon.
The report also showed that Amadey execution prompts the retrieval and execution of additional commands, including the LockBit 3.0 ransomware strain, also known as LockBit Black. Unveiled in June, LockBit 3.0 features the first-ever ransomware bug bounty program, as well as a revamped dark web portal.
"As LockBit ransomware is being distributed through various methods, user caution is advised," said researchers.
BleepingComputer reports that KELA threat analysts observed the third iteration of the Knight ransomware source code being posted for sale on RAMP forums by the operation's representative, Cyclops.