Threat Research

    Amadey Exploiting Self-Hosted GitLab to Distribute StealC

    Amadey is a malware loader active since 2018, commonly used to deploy second-stage payloads and infostealers. Historically, it has distributed payloads via GitHub repositories. Recent activity reveals a new campaign abusing a compromised, self-hosted GitLab instance to deliver the StealC infostealer....
    12/23/2025  0
    Read More »

    MaaS Operation Using Emmenhtal and Amadey Linked to Threats Against Ukrainian Entities

    In early February 2025, a phishing campaign targeting Ukrainian entities used invoice and billing-themed emails containing compressed archives with obfuscated JavaScript files. These files deployed PowerShell downloaders to install SmokeLoader, leveraging the Emmenthal loader....
    7/18/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.