BunnyLoader Malware Targets Browsers and Cryptocurrency
Zscaler ThreatLabz has identified a newly emerging Malware-as-a-Service (MaaS) threat known as “BunnyLoader,” available on underground forums. The tool, priced at $250, is actively under development, rapidly evolving with various feature updates and bug fixes.
BunnyLoader, primarily coded in C/C++, is a fileless loader that conducts malicious activities in memory, making detection more challenging for cybersecurity experts. It features a range of capabilities, including keylogging, clipboard monitoring to hijack cryptocurrency wallet addresses and remote command execution (RCE).
Since its initial release on September 4, 2023, BunnyLoader has witnessed several iterations, each bringing enhancements and fixes. These updates address bugs, introduce new functionalities, and adapt to thwart analysis attempts. Furthermore, the malware now offers options for payload and stub purchases at $250 and $350, respectively.
According to an advisory published by Zscaler last Friday, the core of BunnyLoader’s operations revolves around its command-and-control (C2) panel, which oversees various tasks, including downloading and executing additional malware, keylogging, credential theft, clipboard manipulation for cryptocurrency theft and remote command execution (RCE).
The C2 panel also offers statistics, client tracking and task management, providing the threat actor with extensive control over infected machines.
Zscaler also explained that BunnyLoader’s technical analysis revealed its persistence mechanisms, anti-sandbox tactics and interactions with C2 servers. The malware can detect virtual environments and employs various techniques to evade analysis.
Notably, the malware’s keylogger records keystrokes and the stealer component exfiltrates a wide range of data, including information from web browsers, cryptocurrency wallets and VPN clients.
The clipper module is another concerning feature that scans a victim’s clipboard for cryptocurrency addresses and replaces them with controlled wallet addresses. This enables attackers to divert cryptocurrency transactions.
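As an added, defender-side illustration of the clipper behaviour just described (example code, not from Zscaler or the article): a small detector run over a constructed clipboard poll log that flags the moment one wallet address turns into a different address of the same kind faster than a person would copy a new one. The address patterns, the 2-second window and the sample addresses are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Wallet-address shapes recognised here (assumption: illustrative, not exhaustive).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

SWAP_WINDOW_S = 2.0  # assumption: a user rarely copies two different addresses this fast


@dataclass(frozen=True)
class Snapshot:
    ts: float   # seconds since polling started
    text: str   # clipboard contents observed at that poll


def address_family(text: str):
    """Return the wallet-address family `text` looks like, or None."""
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return family
    return None


def detect_clipper_swaps(snapshots):
    """Flag consecutive polls where a wallet address became a *different* address of
    the same family within SWAP_WINDOW_S: the trace a clipboard clipper leaves behind.
    A clipper keeps the address type so the victim's wallet still accepts the paste."""
    alerts = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        fam_prev, fam_cur = address_family(prev.text), address_family(cur.text)
        if (fam_prev and fam_prev == fam_cur and prev.text != cur.text
                and (cur.ts - prev.ts) <= SWAP_WINDOW_S):
            alerts.append({"family": fam_cur, "original": prev.text.strip(),
                           "replacement": cur.text.strip(), "at": cur.ts})
    return alerts


# Constructed poll log: the user copies a BTC address, it is silently replaced 0.3 s
# later, and much later the user copies unrelated text and then an ETH address.
SAMPLE_POLL = [
    Snapshot(0.0, "meeting notes"),
    Snapshot(1.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    Snapshot(1.3, "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),
    Snapshot(30.0, "invoice #4417"),
    Snapshot(31.0, "0x52908400098527886E0F7030069857D2E4169EE7"),
]
```

Only the BTC-to-BTC change at 1.3 s is reported; the later ETH copy follows plain text, so it is a normal user action rather than a swap.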
“BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets,” wrote security researchers Niraj Shivtarkar and Satyam Singh. “The Zscaler ThreatLabz team will continue to monitor these attacks to help keep our customers safe.”