Cybercriminals are using an “evolving” obfuscation engine dubbed BatCloak to craft malicious batch files (BAT) that can evade antivirus and other security solutions.

In a report published on June 9, cybersecurity firm Trend Micro said malicious batch files created with BatCloak “have demonstrated a remarkable ability to persistently evade security solutions.”

Batch files are scripts that contain a series of commands. They’re used to load programs and perform other vital processes. While batch files aren’t inherently malicious, threat actors can use them to load malware on a target’s device.

Between September 2022 and June 2023, researchers at Trend Micro collected 784 samples of batch files created with BatCloak. Scanning these malicious files with security software, they found up to 80 percent went undetected.

“This finding underscores the ability of BatCloak to evade traditional detection mechanisms employed by security providers,” Trend Micro said.

BatCloak: The Invisible Menace

According to Trend Micro, the 784 samples tested averaged fewer than one detection each. BatCloak allows threat actors to “load numerous malware families and exploits with ease through highly obfuscated batch files,” the researchers said.
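Because the report's point is that signature scanning misses these files, a defender can complement it with structural heuristics on the script itself. The following is an added example, not code from the Trend Micro report or from BatCloak: a small Python triage script that scores a batch file on indicators such as escape-caret density, substring-expansion tricks and line length. The indicator list and thresholds are assumptions about batch obfuscation in general, not features Trend Micro attributes to BatCloak, and both sample scripts are constructed for the example.

```python
"""Heuristic triage of batch (.bat) scripts for obfuscation indicators.

Added example: the indicators and thresholds below are assumptions about
common batch-script obfuscation in general, not features Trend Micro
attributes to BatCloak, and the sample scripts are constructed.
"""
import re
from dataclasses import dataclass

# %var:~start,len% and !var:~start,len! pick characters out of a variable,
# a common way to assemble a command from fragments.
SUBSTRING_EXPANSION = re.compile(r"[%!][^%!\s]+:~-?\d+(?:,-?\d+)?[%!]")
# "set" written with escape carets in between, e.g. s^e^t
SET_COMMAND = re.compile(r"\s*s\^?e\^?t\s", re.IGNORECASE)

# Assumed thresholds; tune them against your own corpus of benign scripts.
CARET_RATIO_MAX = 0.05
PERCENT_RATIO_MAX = 0.10
SUBSTRING_EXPANSIONS_MAX = 2
LINE_LEN_MAX = 1000
SET_LINE_FRACTION_MAX = 0.5
FLAG_SCORE = 3


@dataclass
class BatScore:
    caret_ratio: float         # share of non-whitespace characters that are '^'
    percent_ratio: float       # share of non-whitespace characters that are '%'
    substring_expansions: int  # count of %v:~n,m% / !v:~n,m! constructs
    max_line_len: int
    set_line_fraction: float   # share of lines that are set commands
    score: int
    flagged: bool


def score_batch(text: str) -> BatScore:
    """Return per-indicator metrics and an overall verdict for one script."""
    lines = text.splitlines()
    body = "".join(text.split())  # drop all whitespace before counting
    n = max(len(body), 1)
    caret_ratio = body.count("^") / n
    percent_ratio = body.count("%") / n
    substring_expansions = sum(1 for _ in SUBSTRING_EXPANSION.finditer(text))
    max_line_len = max((len(line) for line in lines), default=0)
    set_line_fraction = (
        sum(1 for line in lines if SET_COMMAND.match(line)) / len(lines)
        if lines else 0.0
    )

    score = 0
    if caret_ratio > CARET_RATIO_MAX:
        score += 2
    if percent_ratio > PERCENT_RATIO_MAX:
        score += 1
    if substring_expansions >= SUBSTRING_EXPANSIONS_MAX:
        score += 2
    if max_line_len > LINE_LEN_MAX:
        score += 1
    if set_line_fraction > SET_LINE_FRACTION_MAX:
        score += 1
    return BatScore(caret_ratio, percent_ratio, substring_expansions,
                    max_line_len, set_line_fraction, score, score >= FLAG_SCORE)


def triage(samples: dict) -> dict:
    """Map sample name -> flagged verdict for a batch of scripts."""
    return {name: score_batch(text).flagged for name, text in samples.items()}


# Constructed samples: an ordinary backup script and a caret/substring-
# obfuscated script whose only payload is printing "hello".
BENIGN_SAMPLE = (
    "@echo off\n"
    "set SRC=C:\\data\n"
    "xcopy %SRC% D:\\backup /E /Y\n"
    "echo Backup done\n"
)
OBFUSCATED_SAMPLE = (
    "@e^c^h^o off\n"
    "s^e^t a=eh\n"
    "s^e^t b=llo\n"
    "s^e^t c=%a:~1,1%%a:~0,1%\n"
    "e^c^h^o %c%%b%\n"
)

if __name__ == "__main__":
    for name, text in {"benign": BENIGN_SAMPLE, "obfuscated": OBFUSCATED_SAMPLE}.items():
        print(name, score_batch(text))
```

The verdict is deliberately a score over several weak indicators rather than a single rule, so a legitimate script that happens to use one trick (a long line, a substring expansion) is not flagged on its own. Anything flagged is a candidate for sandbox execution or analyst review, not a conviction.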

Batch obfuscation tools are becoming increasingly popular, emphasizing the need for new strategies to counter these hidden threats. Trend Micro highlighted another obfuscation tool, Jlaive, that was circulating in hacker communities in 2022.

The developer of Jlaive reportedly tested it on Windows 11 virtual machines, ensuring it can bypass Microsoft’s defenses undetected.

“Analysis of the previous Jlaive Github repository homepage offers some additional clues about a builder, including the use of AES encryption techniques to bypass antimalware scan interface (AMSI), C#, and an active Discord community,” Trend Micro researchers said.

While the original version of Jlaive has since been taken down from GitHub, clones and modified versions are circulating on various platforms, including Discord and Telegram channels.

The Need for Better Defenses

“Understanding the evolving landscape of advanced malware techniques such as FUD [fully undetectable] obfuscator BatCloak enables us to develop more effective strategies for combating the ever-evolving threats posed by these sophisticated adversaries,” the researchers said.

With threats like BatCloak becoming more common, cybersecurity experts are calling for new, advanced defense strategies. Trend Micro’s research underscores the shortcomings of current security systems and the need for better ways to spot and stop malware.

Given the sophisticated nature of threats today, an antivirus may not be enough for comprehensive security. For better protection, we recommend using a security suite with various cybersecurity tools. Check out our article on the best security suites for our top picks.
