Skip to main content

Home Amadey Infostealer

Amadey Infostealer

Also known as: Amadey bot

Category: Malware

Type: Information stealer, trojan, botnet, password-stealing virus, banking malware, spyware, keylogger

Platform: Windows

Damage potential: Stolen credentials, identity theft, fraudulent transactions, financial loss, DDoS attacks


Amadey is an information-stealing malware sold on dark web forums since 2018. With Amadey, cybercriminals can record keystrokes on a victim’s keyboard and send this information to a remote server that they control. This way, they can steal the victim’s sensitive data, such as passwords or credit card details.

Using the stolen credentials, cybercriminals unlock the victim’s accounts (emails, online banking, and cryptocurrency wallets) to make transactions or send spam emails to spread the malware further. In other cases, hackers add the infected computer to a botnet to launch DDoS attacks.

Possible symptoms

Since this malware steals and sends information, it often causes an unusual increase in disk and network activity. Other possible symptoms include:

  • Inability to start the computer in safe mode.
  • Unexpected system crashes.
  • Slower computer performance than usual.
  • An error message while logging into your accounts, even if your credentials are correct.

Sources of infection

Like most other types of malware, Amadey Infostealer spreads through infected email attachments, malicious ads, pirated software, and P2P (peer to peer) sharing of malware-ridden files.


You can protect yourself from Amadey and similar threats by being cautious online.

  • Do not open files or links in suspicious emails, especially from unknown senders.
  • Only download software from official websites.
  • Scan downloaded files for malware and hide harmful ads with NordVPN’s Threat Protection.
  • Make sure your operating system and all software are updated.
  • Use a reputable antivirus software or anti-malware solution to detect and block threats like Amadey.
  • Enable multi-factor authentication (MFA) to prevent cybercriminals from using your accounts, even if they breached your passwords.


If you think your device might be infected by Amadey Infostealer, use a reliable antivirus solution to detect and remove the threat.

  • Run a full system scan.
  • Follow the steps suggested by your antivirus software.
  • Run a post-removal scan to ensure no traces are left.