A brand new malware-as-a-service (MaaS), capable of a wide range of malicious actions, is being offered on the dark web, researchers have found.
Cybersecurity experts from Zscaler ThreatLabz observed a MaaS called BunnyLoader being offered online for $250 (lifetime license).
After further analysis, the researchers discovered all of the things BunnyLoader can do – from deploying stage-two malware to stealing passwords stored in browsers to grabbing system information. Furthermore, BunnyLoader can run remote commands on the infected endpoint, capture keystrokes via an integrated keylogger, and monitor the clipboard for cryptocurrency wallets.
C2 panel features
If a victim decides to send a cryptocurrency payment from one address to another, they’d usually copy and paste the recipient’s address in the app, mostly because wallet addresses are a long string of random letters and numbers. When malware monitors the clipboard, it can detect when the victim copies a wallet address and can replace the contents in the clipboard with an address belonging to the attacker. Thus, when a payment is initiated, the funds go to the attacker’s account.
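A defender-side illustration of the swap described above, added here and not taken from the researchers' analysis or from BunnyLoader itself: it scans clipboard snapshots for a wallet address that is replaced by a different address of the same kind within a short window. The address patterns, the two-second threshold, the function names and the sample snapshots are all assumptions made for this example.

```python
import re

# Address shapes (well-known public formats); patterns are deliberately loose
# because the goal is to spot a swap, not to validate a payment.
ADDRESS_KINDS = {
    "bitcoin": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the kind of wallet address `text` looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_KINDS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag clipboard changes where one address is replaced by a different
    address of the same kind within `max_gap` seconds (assumed threshold:
    a person rarely copies two different addresses that quickly)."""
    alerts = []
    for (t0, old), (t1, new) in zip(snapshots, snapshots[1:]):
        kind = address_kind(old)
        if kind is None or kind != address_kind(new):
            continue
        if old.strip() != new.strip() and (t1 - t0) <= max_gap:
            alerts.append({"time": t1, "kind": kind,
                           "copied": old.strip(), "now": new.strip()})
    return alerts

# Constructed clipboard snapshots: (seconds, clipboard text). Addresses are made up.
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "ab" * 20),   # user copies the recipient's address
    (10.4, "0x" + "cd" * 20),   # replaced 0.4 s later: suspicious
    (60.0, "0x" + "ef" * 20),   # a new copy much later: not flagged
    (61.0, "hello"),
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same comparison works as a paste-time check in a wallet application: keep the address the user copied and refuse to proceed if the pasted value differs.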
BunnyLoader was written in C/C++ by a threat actor named PLAYER_BUNNY (aka PLAYER_BL). It has been under active development since early September this year, allegedly getting new features and enhancements every day. Some of the newer upgrades include anti-sandbox and antivirus evasion techniques, made possible via a fileless loading feature.
Hackers who buy a license can also expect a C2 panel to monitor all active tasks, keep track of infection statistics, track connected and inactive hosts, and more.
The only thing that remains a mystery with BunnyLoader is how it makes it to the victim’s endpoints, as the researchers were unable to discover any initial access mechanisms.
“BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets,” the researchers concluded.