Trend Micro researchers recently reported that since September 2022 attackers have been actively using a malware obfuscation engine called BatCloak, which lets cybercriminals hide malicious code from antivirus solutions with a high degree of success.

According to the researchers, BatCloak allows attackers to deliver different families of malware and exploits through heavily obfuscated batch files.

Of the 784 samples the researchers collected, almost 80% were not detected by any of VirusTotal's antivirus engines.

We have also written that ChatGPT Has Become A New Tool For Cybercriminals In Social Engineering, and that a Russian Hacker Sells Terminator Tool That Is Allegedly Able To Bypass Any Antivirus Programs.

BatCloak is the basis for a batch file building tool called Jlaive, which can bypass the Antimalware Scan Interface (AMSI) and compresses and encrypts the main payload to increase the level of evasion.

The Jlaive tool was published on GitHub and GitLab in September 2022 by a developer under the pseudonym ch2sh as an "EXE to BAT crypter". It has since been copied, modified and ported to other programming languages.

The resulting payload is a "three-layer loader": a C# loader, a PowerShell loader, and a batch loader. The batch layer serves as the starting point for decoding and unpacking each subsequent stage and ultimately launching the hidden payload. In practice this is why a static scan of the batch file alone finds so little: the PowerShell and C# stages, and the final payload, only exist after the preceding layer has decoded them, so detection has to either peel the layers or watch the behaviour (cmd.exe spawning a hidden, encoded PowerShell) at runtime.

BatCloak has received many updates and adaptations since it first appeared in the wild (ITW).
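As an added example (this is not code from the Trend Micro report, from Jlaive or from BatCloak), the Python script below does what the paragraph above describes a defender needs to do: it statically peels the batch layer (expanding the script's own `set` variables and stripping caret escapes), decodes the `-EncodedCommand` PowerShell layer behind it, and only then scores the file on a set of obfuscation and loader indicators. Both sample scripts are constructed for illustration and are not real malware; the indicator regexes, the "three or more indicators" threshold and all function names are the author's own assumptions, not signatures from the report.

```python
"""Static triage of a layered batch dropper: peel the batch layer, surface the
PowerShell layer, then score the indicators. Added example, not Trend Micro's,
Jlaive's or BatCloak's code. Both samples are constructed, not real malware."""
import base64
import math
import re
from collections import Counter

# Constructed benign script (an ordinary admin task) used as the control.
BENIGN_BAT = """@echo off
rem Nightly backup script
set SRC=C:\\data
set DST=D:\\backup
xcopy %SRC% %DST% /E /Y
echo Backup finished
"""

# Constructed layered dropper: the batch layer rebuilds "powershell" from fragments,
# hides a label behind environment-variable substrings and caret escapes, and hands
# off to an encoded PowerShell command (UTF-16LE "IEX (New-Object", cut short here).
LAYERED_BAT = r"""@echo off
set "a=pow" & set "b=ersh" & set "c=ell"
set "x=%PUBLIC:~1,1%%SESSIONNAME:~-1%%TEMP:~-3,1%"
%a%%b%%c% -w hidden -nop -ep bypass -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
c^a^l^l :%x%
"""

# Heuristic indicators (assumed, author's own), each applied before and after peeling.
INDICATORS = {
    "caret_escape":  re.compile(r"\w\^(?=\w)"),                        # c^a^l^l
    "env_substring": re.compile(r"%[A-Za-z_]\w*:~-?\d+(?:,-?\d+)?%"),  # %VAR:~n,m% char picking
    "ps_invoke":     re.compile(r"(?i)\bpowershell(?:\.exe)?\b|\bpwsh\b"),
    "ps_stealth":    re.compile(r"(?i)-w(?:indowstyle)?\s+hidden|-nop\b|-e(?:p|xecutionpolicy)\s+bypass"),
    "ps_encoded":    re.compile(r"(?i)-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}"),
    "ps_iex":        re.compile(r"(?i)\bIEX\b|Invoke-Expression|DownloadString"),
    "dotnet_loader": re.compile(r"(?i)Add-Type|\[Reflection\.Assembly\]::Load|FromBase64String"),
}
SET_RE = re.compile(r'(?i)\bset\s+(?:"([A-Za-z_]\w*)=([^"]*)"|([A-Za-z_]\w*)=([^\s&]+))')
ENC_RE = re.compile(r"(?i)-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})")


def set_assignments(script):
    """Collect `set name=value` definitions (quoted and unquoted forms) from the script."""
    assigns = {}
    for m in SET_RE.finditer(script):
        name, value = (m.group(1), m.group(2)) if m.group(1) else (m.group(3), m.group(4))
        assigns[name.lower()] = value
    return assigns


def deobfuscate(script, rounds=3):
    """Statically expand %var% references from the script's own `set` lines and strip
    caret escapes, without executing anything. Environment-dependent substrings such as
    %PUBLIC:~1,1% are left alone: their value depends on the victim's machine."""
    assigns = set_assignments(script)
    text = script
    for _ in range(rounds):
        text = re.sub(r"%([A-Za-z_]\w*)%",
                      lambda m: assigns.get(m.group(1).lower(), m.group(0)), text)
        text = re.sub(r"\^(.)", r"\1", text)
    return text


def decode_encoded_command(script):
    """Return the PowerShell behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(script)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def entropy(text):
    """Shannon entropy in bits per character (reported, not scored)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def triage(script):
    """Score a batch file on the indicators, on the raw text and after peeling the batch
    and PowerShell layers; each indicator counts once at its highest hit count."""
    peeled = deobfuscate(script) + "\n" + (decode_encoded_command(script) or "")
    hits = {name: max(len(rx.findall(script)), len(rx.findall(peeled)))
            for name, rx in INDICATORS.items()}
    # String fragmentation: many tiny `set` values that only make sense once concatenated.
    hits["string_fragment"] = sum(1 for v in set_assignments(script).values() if len(v) <= 4)
    score = sum(1 for v in hits.values() if v)
    return {
        "hits": hits,
        "entropy": round(entropy(script), 2),
        "max_line_len": max(len(line) for line in script.splitlines()),
        "score": score,
        "verdict": "suspicious" if score >= 3 else "benign",  # assumed threshold
    }


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_BAT), ("layered", LAYERED_BAT)):
        print(label, triage(sample))
    print(deobfuscate(LAYERED_BAT))
```

The point of the two passes is visible in the output: on the raw text the word `powershell` never appears and the call label is unreadable, so a keyword-based scanner sees nothing; after expanding the script's own variables the PowerShell invocation, its hidden-window and bypass switches and the encoded command are all in the clear, and decoding that command exposes the `IEX` download-and-run stage that a real sample would use to pull in the C# loader. Anything that depends on the victim's environment (the `%PUBLIC:~1,1%`-style substrings) is deliberately not guessed, which is the limit of static peeling and the reason a sandbox or endpoint telemetry is still needed for the last layer.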