
CloudEyE

Posted: July 15, 2020

CloudEyE is a type of tool that cybercriminals frequently use to make their malicious software more difficult to detect, identify, and analyze. CloudEyE, in particular, appears to share many similarities with the obfuscation technique used by GuLoader, but it lacks some of the Trojan-Downloader features found in the GuLoader project. It also seems that the creators of CloudEyE are trying to pass this project off as a legitimate utility that should not be used for nefarious purposes – however, a quick look at their website shows that many of CloudEyE's features are typical of malicious software. It claims to provide customers with the ability to:

  • Encrypt the contents of .NET applications – this can shield the malicious code from detection by antivirus products, and it also makes the malicious file's contents harder to analyze.
  • Fetch an encrypted payload from a remote host, decrypt it, and then execute the decrypted file – typical behavior for advanced Trojan Downloaders.
  • Work as a 'file binder' – cybercriminals rely on such software to combine two files into one, for example a malicious executable and a harmless decoy document. When the user opens the combined file, the executable launches in the background while the decoy document is shown in the foreground.
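As an added illustration of the file-binder behaviour described above (example code written for this page, not CloudEyE's own code), the following defender-side triage check parses a PE section table, locates any data appended after the last section (an "overlay"), and identifies whether that overlay looks like a decoy document. It assumes the decoy is appended as an overlay, which is a common binder layout but is not something this page confirms about CloudEyE; the sample PE image is constructed inline and is not a runnable program.

```python
import struct

# Document magic bytes a binder's decoy is likely to start with (constructed list).
DECOY_MAGICS = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip/ooxml (docx, xlsx)",
    b"\xd0\xcf\x11\xe0": "ole2 (doc, xls)",
    b"{\\rtf": "rtf",
}


def classify_overlay(head: bytes) -> str:
    """Label the overlay by its leading bytes; 'none' means no overlay at all."""
    if not head:
        return "none"
    for magic, name in DECOY_MAGICS.items():
        if head.startswith(magic):
            return name
    return "unknown"


def overlay_info(data: bytes) -> dict:
    """Walk the PE headers and report where the overlay starts and what it looks like."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # offset of 'PE\0\0'
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    sec_table = e_lfanew + 24 + opt_size                           # first IMAGE_SECTION_HEADER
    end_of_image = 0
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 / +20 in each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        end_of_image = max(end_of_image, raw_ptr + raw_size)
    overlay = data[end_of_image:]
    return {"overlay_offset": end_of_image, "overlay_size": len(overlay),
            "decoy_type": classify_overlay(overlay[:8])}


def build_sample_binder_output(decoy: bytes) -> bytes:
    """Constructed sample: minimal PE32 shell with one section, then an appended decoy."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    optional = b"\x0b\x01" + b"\x00" * (0xE0 - 2)                  # PE32 magic, rest zeroed
    raw_ptr, raw_size = 0x200, 0x200
    section = struct.pack("<8sIIIIIIHHI", b".text\x00\x00\x00", 0x1000, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + optional + section).ljust(raw_ptr, b"\x00")
    return headers + b"\x90" * raw_size + decoy
```

On a real sample the same check is run on the file bytes; a large overlay carrying a document signature is a strong hint that a binder produced the file and that the decoy, not the executable, is what the victim was meant to see.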

Recently, the CloudEyE service was used in the latest malware project of the RATicate gang – a group of cybercriminals who started to sell their products to like-minded individuals.

The good news is that malware protected by CloudEyE is not undetectable – modern antivirus software is able to identify the malicious contents of the obfuscated files and cease their execution. In the case of CloudEyE, antivirus software may often report it as 'GuLoader' due to the major similarities between the obfuscation techniques they use.

As you can see, cybercriminals rely on a wide range of techniques and tools to increase their malware's chances of penetrating your network's defenses. It is advisable to stay ahead of them by using a reputable and regularly updated anti-malware application that can keep you safe from malware protected by CloudEyE and similar obfuscation tools.
