HomeNewsExposed: Italian Company Fronting for Guloader Malware Operations

Exposed: Italian Company Fronting for Guloader Malware Operations

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

CloudEye Software company based in Italy has been discovered as a front for Guloader malware operation.

Check Point Software Technologies researchers have discovered CloudEye, a remarkably similar commercial software developed by the legitimate Italian company being used for nefarious purposes while analyzing the new cybersecurity threat called “Guloader”.

Researchers found out that the Italian company which has been operating for the past 4 years was selling a Guloader-lookalike product that is difficult to track by anti-virus software during the investigation into Guloader (1,2,3) which pointed the security research firm to the Italian security software’s website and to properly evaluate the activities of their CloudEye product which seems to be providing software protection solution to Windows applications.

According to Check Point research, many cybersecurity firms have been trailing Guloader since the beginning of this year after discovering that the network dropper has been spreading actively since the start of the year and being used to deploy malicious malware with help from cloud services.

READ ALSO: Oh Boy! Cycldek deploys USBCulprit malware for internet users

Guloader Malware: CloudEye App Connection With DarkEyE

There were citations discovered in the Guloader code that pointed to CloudEye software. While protection services from source code are generally used and deemed legal by most legitimate apps, the Italian company product – CloudEye software protection activities appeared odd

From the research, Check Point linked CloudEye software protecting service advertised on securitycode to adverts on various dark web forums promoting a defunct crypting service malware called DarkEyE in 2014.

More scrutiny from the research firm linked the identity of one of the Italian company founders as seen on their website to the three emails and usernames found to have been used in DarkEyE adverts and 2011 posts advertising DarkEyE malware crypting services on dark web forums.

These discoveries show how deeply connected CloudEye, DarkEyE and the Italian company is to the cybercriminal world which brings the legitimacy of the Italian company and its product to great disrepute.

READ ALSO: Dark Web Largest Hosting Provider Leaked, Thousands of Emails and Passwords Hacked

$500,000 Made From Selling CloudEye To Malware Developers

Check Point report estimated that the Italian company through CloudEye made $500,000 monthly from being sold to cybercriminals with more than 5,000 customers and at a minimum fee of $100/Month for the product.

Maya Levine, a cloud security technical marketing engineer at Check Point says, “This method of sales appears rare since cybercriminals mostly practice their arts on the dark web.”


Mikkelsen Holm
Mikkelsen Holm
Mikkelsen Holm is an M.Sc. Cybersecurity graduate with over six years of experience in writing cybersecurity news, reviews, and tutorials. He is passionate about helping individuals and organizations protect their digital assets, and is a regular contributor to various cybersecurity publications. He is an advocate for the adoption of best practices in the field of cybersecurity and has a deep understanding of the industry.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad

Subscribe to SecureBlitz Newsletter

* indicates required


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.