There’s a dangerous new malware-as-a-service on the rise - here’s what you need to know

BunnyLoader can do a lot of damage, so watch out

A brand new malware-as-a-service (MaaS), capable of a wide range of malicious actions, is being offered on the dark web, researchers have found.

Cybersecurity experts from Zscaler ThreatLabz observed a MaaS called BunnyLoader being offered online for $250 (lifetime license).

After further analysis, the researchers discovered all of the things BunnyLoader can do - from deploying stage-two malware to stealing passwords stored in browsers to grabbing system information. Furthermore, BunnyLoader can run remote commands on the infected endpoint, capture keystrokes via an integrated keylogger, and monitor the clipboard for cryptocurrency wallets.

If a victim decides to send a cryptocurrency payment from one address to another, they’d usually copy and paste the recipient’s address in the app, mostly because wallet addresses are a long string of random letters and numbers. When malware monitors the clipboard, it can detect when the victim copies a wallet address and can replace the contents in the clipboard with an address belonging to the attacker. Thus, when a payment is initiated, the funds go to the attacker’s account.
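The swap described above leaves a recognizable pattern: one wallet address on the clipboard is replaced by a different address of the same type faster than a person could copy a second one. The following detection sketch is an added example, not code from the article or from the researchers' analysis; the event format, the simplified address patterns and the two-second threshold are assumptions made for illustration.

```python
import re

# Simplified address shapes, assumed for this example (no checksum validation).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the coin name if text looks like a wallet address, else None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def find_swaps(events, max_gap_seconds=2.0):
    """Flag clipboard changes where an address is replaced by a different
    address of the same kind within max_gap_seconds.

    events: list of (timestamp_seconds, clipboard_text) in time order,
    a hypothetical log format assumed for this example.
    """
    alerts = []
    previous = None  # (timestamp, text, kind) of the last address seen
    for timestamp, text in events:
        kind = address_kind(text)
        if kind is None:
            previous = None  # non-address content breaks the sequence
            continue
        current = text.strip()
        if (previous is not None
                and previous[2] == kind
                and previous[1] != current
                and timestamp - previous[0] <= max_gap_seconds):
            alerts.append({"time": timestamp, "kind": kind,
                           "copied": previous[1], "now": current})
        previous = (timestamp, current, kind)
    return alerts

# Constructed sample events (placeholder strings, not real wallets or captured data).
SAMPLE_EVENTS = [
    (10.0, "meeting notes"),
    (42.0, "0x" + "a1" * 20),   # user copies the recipient's address
    (42.3, "0x" + "ff" * 20),   # different address 0.3 s later: flagged
    (90.0, "1" + "A" * 30),     # user copies a Bitcoin-shaped address
    (200.0, "1" + "B" * 30),    # different address, but 110 s later: not flagged
]
```

Running `find_swaps(SAMPLE_EVENTS)` flags only the 0.3-second replacement; comparing the pasted address with the intended one before confirming a payment catches the same swap at the user's end.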

BunnyLoader was written in C/C++ by a threat actor named PLAYER_BUNNY (aka PLAYER_BL). It has been under active development since early September this year, allegedly getting new features and enhancements every day. Some of the newer upgrades include anti-sandbox and antivirus evasion techniques, made possible via a fileless loading feature.

Hackers who buy a license can also expect a C2 panel to monitor all active tasks, keep track of infection statistics, track connected and inactive hosts, and more.

The only thing that remains a mystery with BunnyLoader is how it makes it to the victim’s endpoints, as the researchers were unable to discover any initial access mechanisms.

“BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets,” the researchers concluded.

Via The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
