The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board.

An Italian company that sells what it describes as a legitimate encryption utility is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, researchers claim. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.

For its part, the company claims it has taken steps to prevent bad actors from using its wares for ill.

According to researchers at Check Point, the company identified as CloudEyE is looking to take a piece of the traditional packer and crypter market – a thriving arena that caters to malware authors looking for obfuscation for their wares.

GuLoader is a widespread dropper that compromises targets and then delivers second-stage malware. It’s been constantly updated over the course of 2020, according to Check Point, with new binaries sporting sandbox evasion techniques, code randomization features, command-and-control (C2) URL encryption and additional payload encryption.

“As a result, we can reasonably assume that behind GuLoader there is a major new service” providing various forms of encryption, according to the researchers.


Encryption Utility Firm Accused of Bundling Malware Functions