Amatera is a malware family tracked across 3 threat clusters and 7 intelligence report mentions on ThreatCluster. First observed January 26, 2026; most recent activity June 11, 2026.
Bitdefender researchers have identified that the Microsoft HTML Application Host (MSHTA) utility is being actively exploited by cybercriminals to deliver a variety of malware, including infostealers and loaders. Despite…
A new campaign is distributing the Amatera infostealing malware by employing a fake CAPTCHA method alongside a signed Microsoft Application Virtualization (App-V) script. This attack utilizes legitimate Microsoft…
GoFlateLoader, a Golang-based malware loader, is being used to deliver various infostealers, including Lumma, Vidar, StealC, Amatera, and Remus. Its design is simple, employing a manual PE loader without advanced…