Hackers use BatCloak to make their malware completely undetectable


A fully undetectable (FUD) malware obfuscation engine called BatCloak has been used to deploy various malware strains since September 2022, persistently evading antivirus detection.


Researchers at Trend Micro describe this undetectable malware obfuscation engine as giving threat actors “the ability to load numerous malware families and exploits with ease through highly obfuscated batch files.”

The BatCloak engine is the core component of a ready-made batch file builder called Jlaive, which has Antimalware Scan Interface (AMSI) bypass capabilities and also compresses and encrypts the raw payload to improve its evasion of security tools.

The final payload is encapsulated using three layers of loaders: a C# loader, a PowerShell loader, and a batch loader. The batch loader acts as the starting point, decoding and unpacking each stage in turn and finally launching the hidden malware.
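The batch stage is the one a defender sees first, so as an added illustration (not code from this article, from Trend Micro, or from the BatCloak/Jlaive tooling) the following Python scanner takes that stage apart the way an analyst would: it strips caret escapes and resolves strings assembled from `set` variables, then checks whether a hidden or encoded PowerShell hand-off appears only after that normalization. The article names no specific batch syntax, so those two idioms are assumed, and both sample scripts are constructed.

```python
import re

# Constructed sample: "powershell" is built from variables and the -enc switch is
# split by a caret, so neither string appears literally in the raw file.
OBFUSCATED = r"""@echo off
set a=pow
set b=ershell
set c=%a%%b%
%c% -nop -w hidden -e^nc U3RhcnQtU2xlZXAgMQ==
"""

# Constructed benign script for comparison.
BENIGN = r"""@echo off
echo Backing up logs
xcopy C:\logs D:\backup /E /Y
"""

SET_RE = re.compile(r'^\s*set\s+"?([A-Za-z_][A-Za-z0-9_]*)=([^"\r\n]*)"?', re.I | re.M)
VAR_RE = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")
# Hidden-window or encoded-command PowerShell invocation on one line.
SUSPICIOUS_RE = re.compile(
    r"(powershell|pwsh)[^\n]*?(-e(nc|ncodedcommand)?\b|-w(indowstyle)?\s+hidden)", re.I)


def normalize(script: str) -> str:
    """Remove caret escapes and expand plain %VAR% references in script order,
    so text the batch interpreter would only build at runtime becomes visible.
    Substring (%x:~n,m%) and delayed (!x!) expansion are deliberately not emulated."""
    env = {}  # batch variable names are case-insensitive
    out = []
    for line in script.splitlines():
        line = line.replace("^", "")
        line = VAR_RE.sub(lambda m: env.get(m.group(1).lower(), m.group(0)), line)
        m = SET_RE.match(line)
        if m:
            env[m.group(1).lower()] = m.group(2)
        out.append(line)
    return "\n".join(out)


def score(script: str) -> dict:
    """Return obfuscation indicators for one batch script."""
    normalized = normalize(script)
    ind = {
        "caret_density": round(script.count("^") * 100 / max(len(script), 1), 2),
        "substring_expansion": bool(re.search(r"%[^%:\s]+:~\s*-?\d+", script)),
        "assembled_from_vars": len(SET_RE.findall(script)) >= 2 and bool(VAR_RE.search(script)),
        "powershell_in_raw": bool(SUSPICIOUS_RE.search(script)),
        "powershell_after_normalize": bool(SUSPICIOUS_RE.search(normalized)),
    }
    # A hand-off that is only visible after normalization is the strongest signal.
    ind["suspicious"] = ind["powershell_after_normalize"] or (
        ind["caret_density"] > 2.0 and ind["assembled_from_vars"])
    return ind
```

A scanner that matches only on the raw text misses the constructed sample entirely; it is the normalization step that exposes the PowerShell stage.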

Additionally, ScrubCrypt is designed to be interoperable with various known malware families such as Amadey, AsyncRAT, DarkCrystal RAT, Pure Miner, Quasar RAT, RedLine Stealer, Remcos RAT, SmokeLoader, VenomRAT and Warzone RAT.

Source of information: thehackernews.com


About the Author: FirstHackersNews
