Continuous improvements have been introduced to the GuLoader and DarkGate malware strains, The Hacker News reports.
Despite few functional modifications since it was first discovered in 2019, GuLoader, also known as CloudEyE, has been updated with more advanced obfuscation techniques to better evade detection, including changes to its Vectored Exception Handling (VEH) capability, which CrowdStrike initially uncovered, according to a report from Elastic Security Labs.
That report follows a Check Point finding that the VEH technique works by deliberately triggering a large number of exceptions in order to hinder analysis. DarkGate, meanwhile, has been enhanced with an updated execution chain and overhauled RDP password exfiltration capabilities, according to a Trellix report.
"The threat actor has been actively monitoring threat reports to perform quick changes thus evading detections. Its adaptability, the speed with which it iterates, and the depth of its evasion methods attest to the sophistication of modern malware threats," said Trellix researchers.
Separately, malicious updates were recently pushed to the Python Package Index package "django-log-tracker," which had not been modified since April 2022, in order to distribute the Nova Sentinel information-stealing malware, The Hacker News reports.