Encryption Utility Firm Accused of Bundling Malware Functions in Product

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
An Italian company that sells what it describes as a legitimate encryption utility is being used as malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.

For its part, the company claims it has taken steps to prevent bad actors from using its wares for ill.

According to researchers at Check Point, the company identified as CloudEyE is looking to take a piece of the traditional packer and crypter market – a thriving arena that caters to malware authors looking for obfuscation for their wares.

GuLoader is a widespread dropper that compromises targets and then delivers second-stage malware. It’s been constantly updated over the course of 2020, according to Check Point, with new binaries sporting sandbox evasion techniques, code randomization features, command-and-control (C2) URL encryption and additional payload encryption.

“As a result, we can reasonably assume that behind GuLoader there is a major new service” providing various forms of encryption, according to the researchers.

Further investigation uncovered just such a service, which researchers said is “created and maintained by an Italian company that pretends to be completely legitimate and aboveboard, and even has a website in Clearnet that uses the .eu domain zone,” the analysis concluded.

When Threatpost reached out to CloudEyE, a spokesperson said that the company “can help [security researchers] by revoking CloudEyE licenses to the users who are abusing our product.” The person added, “CloudEyE is not connected anymore to hack forums or other hackers’ forums.”
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
CloudEyE is not connected anymore to hack forums or other hackers’ forums
3vmtyHbT_o.jpg
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top