For the past four years, an Italian company has operated a seemingly legitimate website and business, offering to provide binary protection against reverse engineering for Windows applications, but has secretly advertised and provided its service to malware gangs. The company’s secret business came to light after security researchers from Check Point began looking at GuLoader, a new malware strain that rose to become one of the most active malware operations of 2020.

CloudEyE app linked to defunct malware crypter DarkEyE

Check Point says it found references in the GuLoader code mentioning CloudEyE Protector, an anti-reverse-engineering software service provided by an Italian company named CloudEyE.

But while source code protection services are legal and widely used by almost all commercial/legitimate apps, Check Point said it linked this company and its owners to activity on hacking forums going back years. The cyber-security firm connected the CloudEyE binary protecting service advertised on the website to ads promoting a malware crypting service named DarkEyE, heavily advertised on hacking forums as far back as 2014.

Furthermore, Check Point also linked three usernames and emails used to promote DarkEyE to the real-world identity of one of the CloudEyE founders, as displayed on the CloudEyE website. In addition, Check Point says it also tracked these three email addresses and usernames to multiple posts on hacking forums. The posts advertised malware/binary crypting services even before DarkEyE (CloudEyE’s precursor), and went as far back as 2011, showing how entrenched and well-connected this user was in the cybercrime and malware community. These connections apparently helped the group get their legitimate business off the ground.