LockBit affiliate uses Amadey Bot malware to deploy ransomware

According to a report written by ASEC AhnLab team, an affiliate of LockBit 3.0 ransomware uses phishing emails that install Amadey bot to take control of a device and encrypt devices. 

The threat actor targets companies using phishing emails with decoys pretending to be job offers or copyright infringement notices. Amadey Bot malware is an old strain capable of performing system reconnaissance, data exfiltration and payload loading, including LockBit 3.0 payload. This latest version of Amedy would have added anti-virus detection and automatic avoidance capabilities, making intrusions and payload removal more stealthy. The impact of these phishing campaigns is therefore likely to be significant for the victims targeted by LockBit 3.0. 

Read more about it : here