A fully undetectable (FUD) malware obfuscation engine called BatCloak has been used to deploy various malware strains since September 2022, persistently evading detection by antivirus products.
Researchers at Trend Micro describe this undetectable malware obfuscation engine as giving threat actors “the ability to load numerous malware families and exploits with ease through highly obfuscated batch files.”
The BatCloak engine is the core component of a ready-made batch file creation tool called Jlaive, which has Antimalware Scan Interface (AMSI) bypass capabilities and compresses and encrypts the raw payload to better evade security controls.
The final payload is encapsulated using three layers of loaders: a C# loader, a PowerShell loader, and a batch loader—the last of which acts as a starting point for decoding, unpacking each stage, and finally firing the hidden malware.
Additionally, ScrubCrypt is designed to be interoperable with various known malware families such as Amadey, AsyncRAT, DarkCrystal RAT, Pure Miner, Quasar RAT, RedLine Stealer, Remcos RAT, SmokeLoader, VenomRAT and Warzone RAT.
Source of information: thehackernews.com