
Exposed: Italian Company Fronting for Guloader Malware Operations


The company behind the CloudEye software, based in Italy, has been discovered to be a front for the Guloader malware operation.

While analyzing a new cybersecurity threat called “Guloader”, Check Point Software Technologies researchers discovered CloudEye, a remarkably similar commercial software product developed by a legitimate Italian company and being used for nefarious purposes.

During the investigation into Guloader (1,2,3), researchers found that the Italian company, which has been operating for the past 4 years, was selling a Guloader-lookalike product that is difficult for anti-virus software to track. The investigation pointed the security research firm to the Italian security software’s website and led it to evaluate the activities of the CloudEye product, which appears to provide a software protection solution for Windows applications.

According to Check Point research, many cybersecurity firms have been tracking Guloader since the beginning of this year, after discovering that the network dropper has been spreading actively and is being used to deploy malware with help from cloud services.


Guloader Malware: CloudEye App Connection With DarkEyE

References pointing to CloudEye software were discovered in the Guloader code. While source code protection services are widely used by legitimate apps and deemed legal, the protection activities of the Italian company's product, CloudEye, appeared odd.

Through its research, Check Point linked the CloudEye software protection service advertised on securitycode to adverts on various dark web forums that promoted a now-defunct malware crypting service called DarkEyE in 2014.

Further scrutiny by the research firm linked the identity of one of the Italian company's founders, as shown on its website, to the three emails and usernames found to have been used in DarkEyE adverts and in 2011 posts advertising DarkEyE malware crypting services on dark web forums.

These discoveries show how deeply connected CloudEye, DarkEyE and the Italian company are to the cybercriminal world, which brings the legitimacy of the Italian company and its product into great disrepute.


$500,000 Made From Selling CloudEye To Malware Developers

The Check Point report estimated that the Italian company made $500,000 monthly from selling CloudEye to cybercriminals, with more than 5,000 customers and a minimum fee of $100/month for the product.

Maya Levine, a cloud security technical marketing engineer at Check Point, says, “This method of sales appears rare since cybercriminals mostly practice their arts on the dark web.”


Mikkelsen Holm
