October 2, 2023 (updated 03 Oct 2023 7:59am)

Dangerous BunnyLoader malware hops onto the dark web

The fileless malware is particularly difficult to detect, and is helping cybercriminals pilfer cryptocurrencies.

By Claudia Glover

A powerful malware known as BunnyLoader has been circulating for sale on the dark web for just $250. The malware provides a range of features, such as harvesting browser credentials and system-related data, which cybercriminals have used to help them steal money. The malware is fileless, operating mostly in memory, which makes it particularly difficult to detect, experts warn.

BunnyLoader malware for sale on the dark web. (Photo by FullFrameFactory/Shutterstock)

It has been available online since the beginning of September, according to security company Zscaler, which has been tracking its progress.

“BunnyLoader provides various functionalities such as downloading and executing a second-stage payload and stealing browser credentials and system information,” said Niraj Shivtarkar and Satyam Singh, from Zscaler’s ThreatLabz research team. The malware-as-a-service (MaaS) offering appears to target individuals with cryptocurrency wallets, in order to extract their credentials and ultimately lift their funds.

The malware is under rapid development, states the report, boasting numerous feature updates and bug fixes. Since 4 September, nine updates have been released, each adding more functionalities, ranging from adding browser paths to help target Google Chrome users, to adding support for 16 different credit card types.

The malware has the ability to evade antivirus software by incorporating “advanced and proactive anti-analysis techniques”, Shivtarkar and Singh say in their report. To make the loader even harder to detect, the malware is fileless and operates solely in system memory.

The bulk of BunnyLoader’s operations run through a command-and-control (C2) panel, which oversees the downloading and execution of malware as well as keylogging and credential theft. The BunnyLoader C2 panel showcases a list of tasks including downloading and executing additional malware, keylogging, stealing credentials, manipulating a victim’s clipboard to steal cryptocurrency and running remote commands on the infected machine.

The researchers added: “The BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets.”
