3 matches found
GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine
Hackers abused fake GitHub accounts to spread Emmenhtal, Amadey, Lumma and Redline infoStealers in attacks linked to a phishing campaign targeting Ukraine in early 2025...
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
In April 2025 Cisco Talos identified a Malware-as-a-Service MaaS operation that utilized Amadey to deliver payloads. The MaaS operators used fake GitHub accounts to host payloads, tools and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use. Several operator tactics...
Emmenhtal Loader Uses Scripts to Deliver Lumma and Other Malware
Emmenhtal Loader uses LOLBAS techniques, deploying malware like Lumma and Amadey through legitimate Windows tools. Its infection chain…...