Pulse: Spoofed Saudi Purchase Order Drops GuLoader Executable to Deploy Malware Variants via Phishing Email
TLP: WHITE | Type: Malware Advisory | Author: SVThreatIntel | Created: 2022-05-26 | Modified: 2022-05-26
IOCs: 12 | Volume: medium
Researchers recently discovered a phishing email sent to a coffee company in Ukraine that purported to come from an oil provider in Saudi Arabia. With the current fluctuations in the energy market and the related rise in consumer prices, threat actors (TAs) are using energy-themed lures to exploit global interest in the topic.

Affected platforms: Windows.

GuLoader executable: Purporting to be a purchase order, the partial PDF image displayed in the email body was actually a hyperlink to an ISO file hosted on a cloud service; the ISO contained a GuLoader executable. GuLoader, also known as CloudEye and vbdropper, dates to at least 2019 and is used to deploy malware families such as Agent Tesla, Formbook, and Lokibot.
Indicators of Compromise (1 of 12 shown)

TYPE | INDICATOR                                         | DESCRIPTION | CREATED
URL  | http://bounceclick.live/VVB/COrg_RYGGqN229.binb   |             | 2022-05-26
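The lure chain in this pulse (a clickable "document preview" image that actually points at a cloud-hosted ISO) and the single URL IOC shown above can both be triaged from the raw email body. The script below is an added example, not code from the pulse or its author: it parses an HTML email, records every hyperlink and whether an image was the thing being clicked, flags links whose target is a disk-image container, and matches each link against the pulse's IOC. The sample emails, the cloud-share hostname, and the set of container extensions are constructed assumptions; the IOC list holds only the one URL the page shows (plus its domain, derived from that URL), since the other 11 indicators are not on the page.

```python
"""Triage helper for the image-link-to-ISO phishing chain described in the pulse.

Added example (not part of the OTX pulse). Sample emails and the
disk-image extension list are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# The one IOC shown on the page; the domain entry is derived from it.
PULSE_IOCS = {
    "url": {"http://bounceclick.live/VVB/COrg_RYGGqN229.binb"},
    "domain": {"bounceclick.live"},
}

# Assumption: container formats commonly used to smuggle executables past mail filters.
CONTAINER_EXTS = (".iso", ".img", ".vhd", ".vhdx")


class LinkExtractor(HTMLParser):
    """Collect (href, image_was_clickable) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._img_inside = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href = attrs["href"]
            self._img_inside = False
        elif tag == "img" and self._href is not None:
            # An <img> nested inside <a>: the "document preview" is the link.
            self._img_inside = True

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._img_inside))
            self._href = None
            self._img_inside = False


def triage(html_body, iocs=PULSE_IOCS):
    """Return a list of {"url", "reasons"} for every suspicious link in html_body."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, image_link in parser.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        reasons = []
        if href in iocs["url"]:
            reasons.append("url matches pulse IOC")
        if host in iocs["domain"]:
            reasons.append("domain matches pulse IOC")
        if path.endswith(CONTAINER_EXTS):
            reasons.append("link targets a disk image")
        if image_link:
            reasons.append("image used as hyperlink")
        if reasons:
            findings.append({"url": href, "reasons": reasons})
    return findings


# Constructed sample: a "PDF preview" image that is really a link to a cloud-hosted ISO.
SAMPLE_PHISH = """
<html><body>
<p>Dear Sir, please find our purchase order attached.</p>
<a href="https://cloud-share.example/s/PO_2205_Saudi.iso">
  <img src="cid:po_preview.png" alt="PO-2205.pdf">
</a>
<p>Regards, Procurement</p>
</body></html>
"""

# Constructed sample containing the pulse's URL IOC as a plain text link.
SAMPLE_IOC_HIT = '<a href="http://bounceclick.live/VVB/COrg_RYGGqN229.binb">download</a>'

# Constructed benign sample.
SAMPLE_BENIGN = '<p>Invoice</p><a href="https://www.example.com/terms">Terms</a>'

if __name__ == "__main__":
    for label, body in (("phish", SAMPLE_PHISH), ("ioc", SAMPLE_IOC_HIT), ("benign", SAMPLE_BENIGN)):
        print(label, triage(body))
```

In practice the IOC dictionary would be loaded from the full pulse export, and the "image used as hyperlink" signal is a heuristic to weight, not a verdict on its own: legitimate marketing mail wraps images in links constantly, so it is the combination with a disk-image target or an IOC hit that warrants pulling the message.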