Malware, Threat Intelligence, Email security

Activity of CloudEyE malware spikes, report finds

Attempted CloudEyE malware-as-a-service downloader and cryptor infections exceeded 100,000 during the second half of 2025, which is 30 times higher than in the first half of the year, according to GBHackers News.

Nearly a third of the attempts, which were part of coordinated email campaigns in September and October, were aaimed at Central and Eastern Europe, said ESET Research in a series of posts on X, formerly Twitter. Hacked websites, spear-phishing emails, and drive-by downloads have been used to deliver PowerShell scripts, Nullsoft Scriptable Install System executables, and JavaScript files containing the CloudEyE downloader, which proceeds with fetching its cryptor component with the final payload upon execution.

Extensive multi-stage encryption has been employed by CloudEyE, which not only enables bypass of endpoint detection and response and threat intelligence systems, but also guarantees prolonged persistence in targeted environments. Such a threat should prompt organizations to adopt behavior-based detection systems, enhance NSIS executable blocking efforts, and strengthen security awareness training programs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds