
Encryption Utility Firm Accused of Bundling Malware Functions in Product
2020-06-10 14:02

An Italian company that sells what it describes as a legitimate encryption utility is in fact providing a malware packer for the cloud-delivered GuLoader dropper, researchers claim.

According to researchers at Check Point, the company identified as CloudEyE is looking to take a piece of the traditional packer and crypter market - a thriving arena that caters to malware authors looking for obfuscation for their wares.

In Check Point's recent investigation of GuLoader, which has ramped up its activity so far this year, the firm noticed that another malware sample was being flagged as a variant of the dropper.

The obfuscated malware that Check Point said is produced by CloudEyE - GuLoader, in other words - is showing up in hundreds of attacks every day across different campaigns, researchers said, most of them run by unsophisticated threat actors.

"Code randomization, evasion techniques and payload encryption used in CloudEyE protect malware from being detected by many of the existing security products on the market. Surprisingly, such a service is provided by a legally registered Italian company that operates a publicly available website which has existed for more than four years."
News URL

https://threatpost.com/legitimate-italian-guloader-obfuscator/156443/