BunnyLoader Malware Targets Browsers and Cryptocurrency
Zscaler ThreatLabz has identified a newly emerging Malware-as-a-Service (MaaS) threat known as “BunnyLoader,” available on underground forums. The tool, priced at $250, is actively under development, rapidly evolving with various feature updates and bug fixes.
BunnyLoader, primarily coded in C/C++, is a fileless loader that conducts malicious activities in memory, making detection more challenging for cybersecurity experts. It features a range of capabilities, including keylogging, clipboard monitoring to hijack cryptocurrency wallet addresses and remote command execution (RCE).
Since its initial release on September 4, 2023, BunnyLoader has witnessed several iterations, each bringing enhancements and fixes. These updates address bugs, introduce new functionalities, and adapt to thwart analysis attempts. Furthermore, the malware now offers options for payload and stub purchases at $250 and $350, respectively.
According to an advisory published by Zscaler last Friday, the core of BunnyLoader’s operations revolves around its command-and-control (C2) panel, which oversees various tasks, including downloading and executing additional malware, keylogging, credential theft, clipboard manipulation for cryptocurrency theft and remote command execution (RCE).
The C2 panel also offers statistics, client tracking and task management, providing the threat actor with extensive control over infected machines.
Zscaler also explained that its technical analysis of BunnyLoader revealed the malware's persistence mechanisms, anti-sandbox tactics and interactions with its C2 servers. The malware can detect virtual environments and employs various techniques to evade analysis.
Notably, the malware’s keylogger records keystrokes and the stealer component exfiltrates a wide range of data, including information from web browsers, cryptocurrency wallets and VPN clients.
The clipper module is another concerning feature: it scans a victim’s clipboard for cryptocurrency addresses and replaces them with attacker-controlled wallet addresses. This enables attackers to divert cryptocurrency transactions, since a victim who pastes the address sends funds to the attacker's wallet instead.
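One defensive angle on the clipper behaviour described above is a clipboard monitor that flags the tell-tale pattern: a cryptocurrency address being replaced by a different address of the same kind within a fraction of a second, with no user copy in between. The following is an added illustration written for this article, not code from Zscaler or from BunnyLoader; the address patterns are deliberately loose, and the clipboard timeline is constructed sample data standing in for what a polling monitor would record.

```python
import re
from dataclasses import dataclass

# Loose patterns for the address families clippers commonly target.
# Constructed for this example; not an exhaustive or strict validator.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[a-z0-9]{25,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the address family a clipboard string resembles, or None."""
    text = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return family
    return None

@dataclass
class ClipperAlert:
    at: float            # timestamp of the snapshot in which the swap appeared
    family: str          # address family that was swapped
    original: str        # what the user copied
    replaced_with: str   # what the clipboard now holds

def detect_clipper_swaps(snapshots, window_seconds=2.0):
    """snapshots: ordered (timestamp_seconds, clipboard_text) pairs from a
    polling monitor. A swap is flagged when an address is replaced by a
    different address of the same family within window_seconds, which is
    how a clipper behaves right after the victim copies an address."""
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(snapshots, snapshots[1:]):
        prev_family, cur_family = classify(prev), classify(cur)
        if prev_family is None or prev_family != cur_family:
            continue                       # not an address-to-address change
        if prev.strip() == cur.strip():
            continue                       # same value, just re-polled
        if t_cur - t_prev <= window_seconds:
            alerts.append(ClipperAlert(t_cur, cur_family, prev.strip(), cur.strip()))
    return alerts

# Constructed timeline: the user copies a bech32 address at t=1.0 and 0.3 s
# later the clipboard holds a different bech32 address the user never copied.
SAMPLE_SNAPSHOTS = [
    (0.0, "meeting notes"),
    (1.0, "bc1q" + "q" * 38),   # user copies their own wallet address
    (1.3, "bc1q" + "p" * 38),   # silently rewritten: clipper signature
    (9.0, "0x" + "c" * 40),     # much later, user copies an ETH address
]
```

A real monitor would poll the OS clipboard and, on an alert, restore the original value and notify the user; the swap heuristic above is the part that distinguishes clipper activity from ordinary copy-and-paste.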
“BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets,” wrote security researchers Niraj Shivtarkar and Satyam Singh. “The Zscaler ThreatLabz team will continue to monitor these attacks to help keep our customers safe.”