Fake Employee Reports Spread Guloader and Remcos RAT Malware
Scammers are using fake October 2025 performance reviews to trick staff into installing Guloader and Remcos RAT malware. Learn how to identify this threat and protect your personal data from remote hackers...
Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing...
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure. Discord, in recent years, has become a lucrative...
Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 - WinRAR File Extension Spoofing Vulnerability...
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch...
PT-2023-10358
Main idea: This article examines recent GuLoader or ModiLoader/DBatLoader activity and provides indicators of compromise (IOCs) for Formbook "QM18" infections. The article also...
GuLoader returns with a rotten shipment
GuLoader, a perennial favourite of email-based malware campaigns since 2019, has been seen in the wild once again. GuLoader is a downloader with a chequered history, dating back to somewhere around 2011 in various forms. Two years ago it was one of our most seen malspam attachments. Most popular...
Threat actors strive to cause Tax Day headaches
Threat actors often take advantage of current events and major news headlines to align attacks and leverage social engineering when people could be more likely to be distracted or misled. Tax season is particularly appealing to threat actors because not only are people busy and under stress, but ...
AgentTesla Trojan Returns with Phishing Campaigns Using GuLoader to Steal Secrets
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The AgentTesla Trojan continues to pose a threat as attackers use GuLoader to deliver it in new phishing campaigns targeting various industries and countries...
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry
E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for...
Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023
For a detailed threat digest, download the pdf file here Summary Hive Pro discovered four actors that have been active in the past week. The first, APT40 and Tick, are well-known Chinese threat actors known for information theft and...
Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The malicious campaign described involves the distribution of a malicious PDF file through email, via phishing. The PDF file in this case redirects victims to a legitimate cloud-based platform, where the...
GuLoader: The NSIS Vantage Point
GuLoader: The NSIS Vantage Point By Nico Paulo Yturriaga · January 24, 2023 GuLoader is an advanced shellcode downloader infamous for using anti-analysis tricks to evade detection and obstruct reverse engineering. As of this writing, the GuLoader campaign is aggressively ongoing. Trellix’s...
GuLoader Malware Utilizing New Techniques to Evade Security Software
Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtua...
SBA phishing scams: from malware to advanced social engineering
A number of threat actors continue to take advantage of the ongoing coronavirus pandemic through phishing scams and other campaigns distributing malware. In this blog, we look at 3 different phishing waves targeting applicants for Covid-19 relief loans. The phishing emails impersonate the US Smal...
Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs...
Malspam campaign caught using GuLoader after service relaunch
They say any publicity is good publicity. But perhaps this isn't true for CloudEye, an Italian firm that claims to provide "the next generation of Windows executables protection". First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to...