Amadey, an established malware loader active since at least 2018, was observed downloading second-stage payloads from a hijacked self-hosted GitLab instance hosted onĀ gitlab[.]bzctoons[.]net. The infrastructure appears to belong to a legitimate organization, with evidence sugg...
Amadey, an established malware loader active since at least 2018, was observed downloading second-stage payloads from a hijacked self-hosted GitLab instance hosted onĀ gitlab[.]bzctoons[.]net. The infrastructure appears to belong to a legitimate organization, with evidence sugg...
Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/amadey-loader-abuses-compromised-self-hosted-gitlab-to-deliver-stealc-infostealer