Botconf Author Listing

Arie Olshtein

Last known affiliation: Checkpoint

TLP:GREEN
Date: 2024-04-25
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos
Alexey Bukhteyev (speaker) | Arie Olshtein

Abstract

In the ever-evolving landscape of cyber threats, seemingly legitimate tools have taken a dark turn, emerging as potent weapons in the hands of cybercriminals. Notable examples are the Remcos RAT and GuLoader (also known as CloudEyE Protector). Our recent study establishes a strong link between these two dual-use agents. Remcos on its own is easily detected by antivirus solutions, which limits its usefulness to criminals; GuLoader supplies the missing piece by letting it bypass antivirus protection.

GuLoader is a shellcode-based loader that helps malware evade antivirus defenses and stores its encrypted payloads on cloud services. In 2020, we exposed a direct connection between GuLoader and CloudEyE Protector, which was initially presented as a legitimate software protection tool. Advertisements for CloudEyE subsequently all but vanished from the web, prompting us to ask whether CloudEyE Protector had re-emerged under a new guise.
