New ‘BUBBAS GATE’ Malware Advertised on Telegram Boasts SmartScreen and AV/EDR Bypass


A new malware loader dubbed “BUBBAS GATE” has surfaced on underground forums and Telegram channels, drawing attention for its bold claims of advanced evasion capabilities, including bypassing Microsoft’s SmartScreen and modern AV/EDR solutions.

The loader was first advertised on June 22, 2025, with the threat actor touting a suite of features designed to evade detection and maximize persistence on infected systems.

Advanced Evasion Techniques

According to the actor’s promotional posts, BUBBAS GATE performs indirect syscalls via a modified VEH (Vectored Exception Handler), avoids standard Windows APIs, and employs PEB (Process Environment Block) walking along with custom stack logic.

These techniques are designed to circumvent traditional security hooks and detection mechanisms, a trend increasingly observed among sophisticated malware loaders aiming to stay ahead of endpoint protection platforms.

The loader’s claim of SmartScreen bypass is particularly notable. Recent campaigns, such as those distributing DarkGate ...


Copyright of this story solely belongs to gbhackers.