GuLoader downloader has become a major threat to e-commerce in the most technologically advanced countries


    GuLoader is now distributed using an installer tool from the developer of the Winamp player.

    Security company Trellix said e-commerce industries in South Korea and the United States are under threat from the ongoing GuLoader malware campaign.

    GuLoader (CloudEyE) is a Visual Basic Script (VBS) loader that is used to distribute remote access trojans (RATs) such as Remcos. It was first discovered in 2019.

    The hackers moved from infected Microsoft Word documents to NSIS executables to download malware. The campaign targets not only the US and South Korea, but also Germany, Saudi Arabia, Taiwan and Japan.

    NSIS (Nullsoft Scriptable Install System) is an open-source, script-driven tool used to build installers for Windows. The developer of NSIS is Nullsoft, the author of the Winamp player.

    The detected campaign uses NSIS files embedded in ZIP archives or ISO images to start the infection. These archives and images are distributed to victim companies via phishing emails. Placing malicious executables inside archives and images allows attackers to evade detection, according to Trellix researchers.
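A triage check for the delivery method described above, as an added example that is not from Trellix or the original article: it lists ZIP members that are Windows executables carrying the NSIS installer header marker. The function names and the sample archive are constructed for illustration; ISO images are not parsed here, and since legitimate software also ships as NSIS installers, a hit is a signal for further analysis rather than a verdict.

```python
import io
import zipfile

# NSIS "firstheader" marker: siginfo 0xDEADBEEF (little-endian) + "NullsoftInst".
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # skip oversized members (zip-bomb guard)


def is_nsis_installer(data: bytes) -> bool:
    """True if data looks like a Windows PE file carrying an NSIS header."""
    return data[:2] == b"MZ" and NSIS_MARKER in data


def nsis_members_in_zip(zip_bytes: bytes) -> list[str]:
    """Return names of ZIP members that look like NSIS installers."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits  # not a ZIP; hand off to other parsers
    with archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                data = archive.read(info)
            except (RuntimeError, zipfile.BadZipFile, NotImplementedError):
                continue  # encrypted or corrupt member; review separately
            if is_nsis_installer(data):
                hits.append(info.filename)
    return hits


def _constructed_sample_zip() -> bytes:
    """Constructed test input: a fake PE stub with the marker, plus a text file."""
    fake_installer = b"MZ" + b"\x00" * 510 + b"\x00\x00\x00\x00" + NSIS_MARKER
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_constructed.exe", fake_installer)
        zf.writestr("readme.txt", "plain text, no installer here")
    return buf.getvalue()


if __name__ == "__main__":
    print(nsis_members_in_zip(_constructed_sample_zip()))
```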

    Over the course of 2022, the NSIS scripts used to deliver GuLoader have become more sophisticated, with additional layers of obfuscation and encryption to hide the shellcode, experts say.

    The specialists noted that the migration of the GuLoader shellcode to NSIS executables is a prime example of how cybercriminals are inventive and persistent in evading detection, preventing sandbox analysis and hindering reverse engineering.

    Author DeepWeb