VERY IMPORTANT

Remcos and GuLoader are tools that were once exclusively sold on hacking forums and are now publicly available on e-commerce, masquerading as legitimate products. These tools have become popular among individuals with malicious intentions. Check point Research has discovered that an individual operating under the alias EMINэM administers the websites BreakingSecurity and VgoStore that openly sell Remcos and GuLoader under a new name, TheProtect. This Threat actor is also involved in distributing malware, including the notorious Formbook info stealer and Amadey Loader. At the same time, EMINэM employs TheProtect for his own malicious purposes, exploiting its ability to bypass antivirus software.