By GoldSparrow in Malware

The CloudEyE utility is presented as a legitimate tool by its developers. To stay in the clear, the creators of the CloudEyE hacking tool claim that the utility is not meant to be used for malicious purposes, but it is clear that this is nothing more than a façade. The CloudEyE tool is a service that enables cyber crooks to obfuscate their malicious creations in order to make them more difficult to identify and dissect. Some of the obfuscation tricks utilized by the CloudEyE tool appear to be rather similar to those used by the GuLoader project.

The CloudEyE utility is a tool that anyone can purchase and use if they are willing to pay the price. The developers of the CloudEyE tool have set up a website to promote their creation. According to the developers of this obfuscation service, the CloudEyE tool enables its customers to:

  • Use it as a 'file binder,' which means that it is capable of binding two files, such as a decoy document and a malicious payload. This is a common trick used by cyber crooks – the decoy file distracts the victim while the malicious payload is executed in the background.
  • Download encrypted payloads from a C&C (Command & Control) server, decrypt them and run the decrypted executables.
  • Obfuscate the code of apps written in .NET - this may help the malicious executable hide its intentions from anti-malware tools, as well as make it more challenging for malware researchers to dissect and analyze the program.

It would appear that cybercriminals are already taking advantage of the CloudEyE tool. According to malware researchers, the RATicate hacking group has utilized the CloudEyE utility in one of their latest campaigns.

Despite the fact that the CloudEyE utility is designed to heavily obfuscate the code of malware, this does not make threats obfuscated with this tool completely undetectable. Thankfully, modern anti-malware utilities are capable of spotting even heavily obfuscated threats. This is why it is worth investing in a genuine, up-to-date antivirus solution that will be able to spot any threats that are obfuscated with the CloudEyE utility. However, keep in mind that the security suite may report the CloudEyE tool as GuLoader since there are significant similarities between the two projects.

