Security experts have discovered BunnyLoader, a malware-as-a-service (MaaS) that is rapidly evolving and gaining popularity on different hacker platforms due to its ability to covertly infiltrate systems and manipulate their data, focusing in particular on system clipboards.
Unveiled on September 4, BunnyLoader has witnessed rapid development, swiftly enhancing its malicious capabilities, which currently include:
- payload downloading and execution
- keylogging
- sensitive data and cryptocurrency theft
- and remote command execution.
Bunny Loader also ensures persistence by creating a new value in the Windows Registry upon execution on a compromised device, all while concealing its activities and registering the victim into its control panel.
Additionally, BunnyLoader can steal data from web browsers, cryptocurrency wallets, VPNs, and messaging apps, compressing all pilfered data into a ZIP archive, which is then transferred to the attacker’s command and control server.
BunnyLoader’s Development
Through numerous updates since its debut, the malware has amplified its functionalities and provided bug resolutions, at times releasing significant versions with major enhancements, such as diverse anti-detection mechanisms and augmented information-theft capabilities.
Here’s a timeline of BunnyLoader’s development, according to Zscaler:
- v1.0 (Sept 4): Initial release.
- v1.1 (Sept 5): Fixed client bug, introduced log compression before upload, and added ‘pwd’ command for reverse shell.
- v1.2 (Sept 6): Enhanced stealer with browser history recovery, NGRok auth-token recovery, and supported additional Chromium browser paths.
- v1.3 (Sept 9): Added credit card recovery for 16 card types and fixed C2 bugs.
- v1.4 (Sept 10): Implemented AV evasion.
- v1.5 (Sept 11): Introduced VPN recovery to stealer, fileless loader bug fixes, and log loading optimizations.
- v1.6 (Sept 12): Added downloads history viewer and anti-sandbox techniques.
- v1.7 (Sept 15): Enhanced AV evasion.
- v1.8 (Sept 15): Implemented keylogger functionality and resolved various bugs.
- v1.9 (Sept 17): Enhanced stealer with game recovery, more Chromium browser paths, and added a desktop wallet recovery.
- v2.0 (Sept 27): Updated C2 GUI, fixed critical vulnerabilities, including SQL injection and XSS, introduced exploit attempt detection, and further optimized stealer and fileless loader functionalities.
Its cost-effective pricing (estimated at $350), coupled with an aggressive development trajectory, positions BunnyLoader as an appealing option for cybercriminals who want to capitalize on new malware projects before they become more popular and more expensive, explains Bleeping Computer.
Protecting Your Business from Malware Threats
Keeping businesses safe from malware involves several strategic steps:
- Firstly, ensure your team is educated about cyber threats and knows how to identify phishing attempts;
- Secondly, employ and regularly update antivirus software;
- Always back up data and store copies securely offsite to mitigate damage from potential ransomware attacks;
- Consistently update and patch software, and use multi-factor authentication to bolster login security;
- Safeguard your network with firewalls and restrict user privileges;
- Establish a well-defined incident response plan, regularly revisiting and updating it to contend effectively with potential cybersecurity breaches.
If you’re looking for a solution to secure your IT infrastructure against sophisticated cyber threats, Heimdal has you covered across the board, from endpoints and networks to emails and identities and beyond.
- End-to-end consolidated cybersecurity;
- Complete visibility across your entire IT infrastructure;
- Faster and more accurate threat detection and response;
- Efficient one-click automated and assisted actioning
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.