In 2023, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to manipulate malware, making it more challenging for antivirus products to detect. Analysts recently discovered a threat actor distributing a phishing email containing malicious Scalable Vector Graphics (SVG) f
scrubcrypt (2)
Detection of malware is typically done using virus definitions or signatures in a database. Security products, such as antiviruses, will scan files using a virus database to detect if the files are good or bad. They detect files as good if they don’t match an entry in the database and consider files bad if they do match an entry. It works almost like an advanced blacklist.
Malware authors understand how security products work and build malware that these products cannot detect. In the undergr
