{
	"id": "87b879c0-9551-4391-8cb4-74af72e21bce",
	"created_at": "2026-05-05T02:46:03.617099Z",
	"updated_at": "2026-05-05T02:46:37.009688Z",
	"deleted_at": null,
	"sha1_hash": "c87fa3f05bf5631c3b1649843e8a54c611be9034",
	"title": "Approaching stealers devs : a brief interview with Amadey",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1420402,
	"plain_text": "Approaching stealers devs : a brief interview with Amadey\r\nBy g0njxa\r\nPublished: 2023-12-02 · Archived: 2026-05-05 02:17:21 UTC\r\n5 min read\r\nDec 2, 2023\r\nTo completely understand what’s going on in a market that has been growing in the last years I found mandatory\r\nto know which players are dominating it. Always remember that behind every user of the Internet there is another\r\nhuman like you, so if you can be kind enough to reach them and they agree, you can have a little talk. Asking\r\nthings is not a crime.\r\nPlease note everything that stated on this blog has only an informational purpose. I will never promote the use\r\nof these products.\r\nhttps://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-amadey-56c8c6ea0ad6\r\nPage 1 of 8\n\nLet’s see, Amadey Loader: a talk with InCrease, owner of Amadey.\r\nThe interview was made in English, everything shown here is the original text of the interview.\r\nAmadey is a malware known as a “loader”: its main functionality is to load other payloads (called “tasks”) for all\r\nor specifically targeted computers compromised by the malware. In this case, he says that another famous “loader”\r\n(Smoke Loader) didn’t meet the requirements of his work and developed his own tool. That’s why Amadey was\r\ncreated.\r\nAmadey was (and is) developed by his owner, InCrease. As I understood, the project is only managed by him, and\r\nthe initial budget was raised by an unknown investor.\r\nWas “a1” a better name than Amadey? The argument about search engine indexation was outdated a long time\r\nago.\r\nhttps://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-amadey-56c8c6ea0ad6\r\nPage 2 of 8\n\nAmadey works perfectly without errors, and if some error is found, it is the “tester’s” fault. 
We can consider the\r\ntester as the customer.\r\nAmadey recently reached its 5th anniversary:\r\nhttps://x.com/g0njxa/status/1713264658747166799\n\nA big update was released for the 5th anniversary (Amadey V4). Find the release statement here:\r\nhttps://x.com/g0njxa/status/1715089181071016073\r\ngcc Amadey.c -o Amadey\r\nPlease find the original release statement where he talks about the v2.00 updates:\r\nAUGUST 24, 2020\r\nSome news - closed alpha testing of version 2.00 is in full swing\r\n[!] Since over two years the current code has become all too familiar to everyone.... A completely new EXE,\r\n[!] For the above reason - an x64 version without problems.\r\n[+] Correct (!) launch of your shellcode in memory (fileless | bodyless | file-free)! +\r\n For a long time this could not be implemented correctly because of its complexity and\r\n[+] New autostart! Absolutely without the registry.\r\n[+] Improved download system, in case of failure the loader will try several more times,\r\n[+] System for monitoring the execution of downloaded and launched files - restart in case of\r\n[+] System for monitoring the main file - if the process is killed by someone or something, it will be\r\n[?] System for monitoring the main file, automatic download from the CC in case of its removal\r\n[+] New obfuscation system - successfully used for more than a month on versions 1.99.x and\r\n[+] Improved thread logic, as in today's 1.99.5 update\r\n[+] Improved Control Panel | Command Center, expanded per-unit task statistics,\r\n[?] 
New solutions for exiting Low Mode are being tested\r\n[+] Removed the things that AV latched onto heavily, such as obtaining the ID, for example.\r\n[+] New plugin system, mainly aimed at determining the OS bitness and using\r\n[+] Improved the already excellent stability(!) Alpha version - 500 thousand synchronizations with the CC\r\n[*] Many more major/minor features/goodies/innovations/elegant solutions etc. which will be\r\n[*] Release is planned for October-November 2020.\r\nP/S After the release, discounts will definitely be cancelled for the next half a year/year.\r\nAmadey follows its own Anti-CIS policies.\r\nThe Amadey owner says that his product is completely harmless and that he is against its use if it is used against\r\nlocal laws.\n\nAs said before, he states that if there is any issue with Amadey, it is the fault of the client (“tester”, customer) as a\r\nresult of misconfigurations.\n\nAmadey was asked about these issues based on the findings of an amazing security researcher: @evstykas\r\nIn his DEFCON 31 (2023) presentation: The Art of Compromising C2 Servers: A Web Application Vulnerabilities\r\nPerspective, Vangelis Stykas exposed how he was able to find multiple vulnerabilities in Amadey’s code.\n\nPlease, if you still haven’t watched this presentation, I find it mandatory to watch it:\r\nAs exposed, from December 2022 until the patch in June 2023, more than a thousand Amadey instances were\r\naccessed with over 
7 million devices compromised. The Amadey owner denies these statements.\r\nhVNC is a common feature of Remote Access Tools, and will soon be a feature of Amadey.\r\nWhat should be considered a “criminal”?\r\nThe end?\r\nRemember to check the other interviews at: g0njxa — Medium\r\nExpect more content,\r\nBest regards.\r\n@g0njxa\r\nSource: https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-amadey-56c8c6ea0ad6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-amadey-56c8c6ea0ad6"
	],
	"report_names": [
		"approaching-stealers-devs-a-brief-interview-with-amadey-56c8c6ea0ad6"
	],
	"threat_actors": [],
	"ts_created_at": 1777949163,
	"ts_updated_at": 1777949197,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c87fa3f05bf5631c3b1649843e8a54c611be9034.pdf",
		"text": "https://archive.orkl.eu/c87fa3f05bf5631c3b1649843e8a54c611be9034.txt",
		"img": "https://archive.orkl.eu/c87fa3f05bf5631c3b1649843e8a54c611be9034.jpg"
	}
}