The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board.
An Italian company that sells what it describes as a legitimate encryption utility is being used as malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.
For its part, the company claims it has taken steps to prevent bad actors from using its wares for ill.
According to researchers at Check Point, the company identified as CloudEyE is looking to take a piece of the traditional packer and crypter market – a thriving arena that caters to malware authors looking for obfuscation for their wares.