MADRID, September 23 (Portaltic/EP) –
Researchers at Check Point Research have identified a relationship between the GuLoader and Remcos malicious programs, which are sold as legitimate tools; behind both lies the same cybercriminal, EMINeM.
The Remcos Remote Access Trojan and GuLoader (also known as CloudEyE and TheProtect) are advertised as legitimate tools, but they are used in cyberattacks and are among the most common malicious programs.
Although their sellers claim that their use is legal, Check Point Research has detected a connection between these tools and cybercrime: where Remcos struggles to evade antivirus detection, GuLoader acts as its ally, helping it bypass protection measures, as detailed in a press release.
Researchers have discovered that GuLoader is rebranded and sold as a crypter, ensuring that the Remcos payload remains completely undetectable to antivirus products. And the same administrator who manages the platform selling both tools also operates the official website and Telegram channels for Remcos.
As Check Point Research points out, compelling evidence has been found that this individual also uses GuLoader to protect himself from detection. Domain names and IP addresses associated with the Remcos and GuLoader vendor appear in malware analysts' reports.
Going deeper, Check Point Research researchers have discovered a clear connection between an individual known as EMINeM and two websites: BreakingSecurity and VgoStore. Remcos and GuLoader, rebranded as TheProtect, are openly sold there.
Likewise, they assert that there is evidence of EMINeM's involvement in the distribution of harmful malware, such as the FormBook info stealer and the Amadey Loader. This cybercriminal leverages TheProtect to evade antivirus detection for his own malicious activities.
THE FINANCE AND EDUCATION SECTORS AS KEY TARGETS
According to intelligence from Check Point ThreatCloud AI, GuLoader mainly targets organizations in the finance and banking sector. According to their data, an average of 2.4 percent of companies globally were affected monthly (equivalent to one in every 41 organizations).
Its most substantial impact has been in the EMEA region, with an average monthly impact of 4.7 percent (equivalent to one in every 21 companies).
For its part, Remcos targets the education and research sector, with an average of 2.8 percent of organizations globally affected monthly (equivalent to one in every 35 organizations).
In this case, they point out that it has the greatest impact in the APAC region, with a monthly average of 2 percent (one in every 50 organizations).