Continuous improvements have been introduced to the GuLoader and DarkGate malware strains, The Hacker News reports.
Although GuLoader, also known as CloudEyE, has seen few functional changes since it was first discovered in 2019, it has been updated with more advanced obfuscation techniques to better evade detection, including changes to the Vectored Exception Handling (VEH) capability first documented by CrowdStrike, according to a report from Elastic Security Labs.
That report follows a Check Point analysis noting that the VEH technique works by deliberately raising a large number of exceptions, each of which the malware's own handler must service before execution continues, in a bid to hinder analysis. Meanwhile, DarkGate has been enhanced with an updated execution chain and overhauled RDP password exfiltration capabilities, according to a Trellix report.
"The threat actor has been actively monitoring threat reports to perform quick changes, thus evading detections. Its adaptability, the speed with which it iterates, and the depth of its evasion methods attest to the sophistication of modern malware threats," said Trellix researchers.
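The exception-driven control flow that the CrowdStrike, Check Point and Elastic reports attribute to GuLoader's VEH technique, shown as a constructed POSIX analogue. This is an added example, not GuLoader's code or any vendor's tooling: the real mechanism is a handler registered with Windows AddVectoredExceptionHandler that rewrites the instruction pointer in the exception context, while here SIGTRAP and sigsetjmp/siglongjmp stand in for it. The stage bodies, the stage order and the XOR key used to hide successor indices are arbitrary assumptions. The property worth seeing is that no stage ever calls or jumps to the next one; every transition is a fault, and only the handler knows where execution resumes, so a debugger (gdb stops on SIGTRAP by default) halts at every transition and a static disassembly shows no call graph between the stages.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for sigaction, sigsetjmp, siglongjmp */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: exception-driven control flow on POSIX, standing in
 * for Windows Vectored Exception Handling. Stages never call one another;
 * each one stores an encoded successor index and raises SIGTRAP, and the
 * signal handler decodes it and jumps back to the dispatcher. */

#define STAGE_KEY  0x5A   /* assumption: toy XOR key hiding stage indices */
#define STAGE_DONE 0xFF   /* sentinel meaning "chain finished" */

static sigjmp_buf g_dispatch;                 /* dispatcher re-entry point */
static volatile sig_atomic_t g_encoded_next;  /* written by stages */
static volatile sig_atomic_t g_decoded_next;  /* written by the handler only */
static volatile sig_atomic_t g_trap_count;    /* how many exceptions fired */
static volatile long g_accumulator;           /* the stages' "real work" */

/* The handler, not the normal code path, decides where execution resumes.
 * A VEH-based loader does this by rewriting the instruction pointer in the
 * exception context; siglongjmp is the portable stand-in used here. */
static void trap_handler(int sig)
{
    (void)sig;
    g_trap_count++;
    g_decoded_next = g_encoded_next ^ STAGE_KEY;
    siglongjmp(g_dispatch, 1);
}

/* Transfer to the next stage by faulting instead of by call/jmp. */
static void go(int next_stage)
{
    g_encoded_next = next_stage ^ STAGE_KEY;
    raise(SIGTRAP);   /* does not return: the handler longjmps */
}

/* Arbitrary stage bodies; the real order is 0 -> 2 -> 1 -> done and is
 * not visible without decoding the successor values. */
static void stage0(void) { g_accumulator = 7;   go(2); }
static void stage1(void) { g_accumulator *= 3;  go(STAGE_DONE); }
static void stage2(void) { g_accumulator += 5;  go(1); }

static void (*const g_stages[])(void) = { stage0, stage1, stage2 };

/* Runs the whole chain through the trap handler. Returns the final
 * accumulator, (7 + 5) * 3 = 36, and reports how many traps were raised. */
long run_via_traps(int *trap_count_out)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = trap_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;   /* handler never returns, so keep SIGTRAP deliverable */
    sigaction(SIGTRAP, &sa, &old);

    g_trap_count = 0;
    g_accumulator = 0;
    g_decoded_next = 0;         /* start at stage 0 */

    /* Every siglongjmp from the handler lands here with the signal mask restored. */
    sigsetjmp(g_dispatch, 1);
    while (g_decoded_next != STAGE_DONE)
        g_stages[g_decoded_next]();   /* never returns normally */

    sigaction(SIGTRAP, &old, NULL);
    if (trap_count_out)
        *trap_count_out = g_trap_count;
    return g_accumulator;
}

int main(void)
{
    int traps = 0;
    long result = run_via_traps(&traps);
    printf("result=%ld traps=%d\n", result, traps);   /* result=36 traps=3 */
    return result == 36 ? 0 : 1;
}
```

Run it once normally and once under gdb: the plain run prints the result after three traps, while gdb stops three times, once per stage transition, before any useful state appears. Three traps is trivial to step past; the reports' point is that the real loader multiplies this by orders of magnitude and mixes in the computation of the resume address, so that skipping the handler with a debugger's signal-ignore setting loses the control flow entirely.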