Researchers are warning about threat actors that use the BatCloak obfuscation tool. According to reports, the tool obfuscates batch files and has allowed malicious BAT files to bypass antivirus solutions with a high success rate.
A recent tally showed that threat actors are using hundreds of heavily obfuscated batch files to deliver modified, fully undetectable malware. These files relied on BatCloak to evade defences.
About 80% of security solutions could not detect BatCloak.
The batch samples that used BatCloak evaded 80 per cent of the security solutions tested. This means the threat actors have an obfuscation tool that reliably slips past organisations’ standard detection mechanisms.
The investigation covered about 784 samples, and the average number of detections per sample was less than one. Standard security solutions therefore find it very hard to identify and mitigate threats packaged with BatCloak.
Since last year, most of the gathered samples have shown the ability to bypass AV detection efficiently. The tool has let threat actors load various malware strains and compromise systems using heavily obfuscated batch files. Other researchers have also linked the latest version of the tool to ScrubCrypt.
Researchers say the BatCloak developers have moved the project from an open-source framework, as with earlier iterations such as Jlaive, to a closed-source offering. They are also starting to monetise the project and to protect it from unauthorised copying.
Lastly, the authors have added features for evading host-based security controls, beyond the fully undetectable (FUD) packaging of the malware itself. These include anti-debugging capabilities, UAC bypass, AMSI bypass, and ETW bypass.
The current research into the continued growth of BatCloak aims to map the scope of its capabilities and its compatibility with different malware strains. The tool’s recent development shows how adaptable and versatile it is across cybercriminal operations.
These findings show that the tool’s developers have a significant effect on how successful an attack can be. Security solutions should improve their defensive controls to keep up with BatCloak’s TTPs and counter its intrusion capabilities.
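One defensive step that follows from the evasion rates above is to flag batch files that look heavily obfuscated before they reach an AV engine. The heuristic scorer below is an added example for this article, not BatCloak’s own code or any vendor’s detection logic; the indicators (caret insertion, variable substring reassembly, long base64-like tokens, high entropy), the thresholds and both sample scripts are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed samples: an ordinary backup script and a script that hides
# its commands with caret insertion, %var:~a,b% reassembly and a base64 blob.
CLEAN_BAT = "@echo off\nset SRC=C:\\data\nxcopy %SRC% D:\\backup /E /Y\necho done\n"
OBFUSCATED_BAT = (
    "@e^c^h^o off\n"
    'set "a=hostname"\n'
    'set "b=echo"\n'
    "%a:~0,4%%a:~4,4%\n"
    "%b:~0,4% QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=\n"
    "set x=^&^&^&^|^|^|\n"
)

SUBSTRING_REF = re.compile(r"%[A-Za-z_]\w*:~-?\d+(?:,-?\d+)?%")
LONG_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded or packed content pushes this up."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def obfuscation_score(bat: str) -> tuple[int, list[str]]:
    """Return (score, reasons). Thresholds are assumed, tune on your own corpus."""
    score, reasons = 0, []
    if bat.count("^") / max(len(bat), 1) > 0.02:   # carets splitting keywords
        score += 2
        reasons.append("caret insertion")
    if len(SUBSTRING_REF.findall(bat)) >= 2:        # commands rebuilt from slices
        score += 2
        reasons.append("variable substring reassembly")
    if LONG_TOKEN.search(bat):                      # embedded encoded payload
        score += 1
        reasons.append("long base64-like token")
    if shannon_entropy(bat) > 5.0:                  # dense, unnatural text
        score += 1
        reasons.append("high entropy")
    return score, reasons


def is_suspicious(bat: str, threshold: int = 3) -> bool:
    return obfuscation_score(bat)[0] >= threshold
```

A score of 3 or more is a reasonable trigger for sandboxing or manual review rather than blocking outright, since legitimate admin scripts occasionally use one of these constructs.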