A powerful malware known as BunnyLoader has been circulating for sale on the dark web for just $250. The malware provides a range of features like harvesting browser credentials and system related data, which cybercriminals have used to help them steal money. The malware is fileless, operating mostly in memory, which makes it particularly difficult to detect, experts warn.
It has been available online since the beginning of September according to security company Zscaler, which has been tracking its progress.
“BunnyLoader provides various functionalities such as downloading and executing a second-stage payload and stealing browser credentials and system information,” said Niraj Shivtarkar and Satyam Singh, from Zscaler’s ThreatLabz research team. The MaaS appears to target individuals with cryptocurrency wallets, to extract their credentials and ultimately lift their funds.
The malware is under rapid development, states the report, boasting numerous feature updates and bug fixes. Since 4 September, nine updates have been released, each adding more functionalities, ranging from adding browser paths to help target Google Chrome users, to adding support for 16 different credit card types.
The malware has the ability to repel antivirus software, by incorporating “advanced and proactive anti-analysis techniques”, Shivtarkar and Singh say in their report. To make the loader even harder to detect, the malware is fileless and operates solely in system memory.
The bulk of BunnyLoader’s operations run through a command and control panel, which oversees the downloading and execution of malware, implementing the above mentioned keylogging monitoring and credentials theft. The BunnyLoader C2 panel showcases a list of various tasks including downloading and executing additional malware, keylogging, stealing credentials, manipulating a victim’s clipboard to steal cryptocurrency and running remote commands on the infected machine.
The researchers added: “The BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets.”