vovacomedy.blogg.se

Cloudeye crypter

“As a result, we can reasonably assume that behind GuLoader there is a major new service” providing various forms of encryption, according to the researchers.

Further investigation uncovered just such a service, which researchers said is “created and maintained by an Italian company that pretends to be completely legitimate and aboveboard, and even has a website in Clearnet that uses the.


An Italian company sells what it describes as a legitimate encryption utility, which is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, researchers claim. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.

For its part, the company claims it has taken steps to prevent bad actors from using its wares for ill.

According to researchers at Check Point, the company identified as CloudEyE is looking to take a piece of the traditional packer and crypter market, a thriving arena that caters to malware authors looking for obfuscation for their wares.

GuLoader is a widespread dropper that compromises targets and then delivers second-stage malware. It’s been constantly updated over the course of 2020, according to Check Point, with new binaries sporting sandbox evasion techniques, code randomization features, command-and-control (C2) URL encryption and additional payload encryption.












