Weekend Hunt

ID: 45340b09-fad9-55cf-9606-ab5312ab88d7

STIX ID: report--45340b09-fad9-55cf-9606-ab5312ab88d7

Feed Name: IntelInsights (Substack)

Threat Score: 72/100

Date Published: 2024-11-30

Date Updated: 2026-04-19

Author: Vasilis Orlof

Research links a Lumma infostealer sample to Amadey malware through shared, recently registered C2/distribution infrastructure. It details hashes, URLs, domains, IPs, and an SSH key fingerprint, and notes that many nodes were offline at review time. Observed TTPs include distribution via Telegram/cracked apps, malicious CAPTCHAs, and phishing, suggesting a tiered infrastructure serving multiple stealers by victim profile.