Zscaler ThreatLabz, a leading cybersecurity research team, has recently identified a new and emerging threat known as “BunnyLoader.” This Malware-as-a-Service (MaaS) threat has been discovered on underground forums and is priced at $250. BunnyLoader is actively under development and rapidly evolving with regular updates and bug fixes.
What makes BunnyLoader particularly concerning for cybersecurity experts is its fileless loader nature. It operates in memory, making it harder to detect and analyze. The malware boasts a wide range of capabilities, including keylogging, clipboard monitoring for cryptocurrency theft, and remote command execution (RCE).
Since its initial release on September 4, 2023, BunnyLoader has undergone several iterations, each introducing enhancements and addressing bugs. These updates aim to adapt the malware to evade security measures and thwart analysis attempts. Additionally, BunnyLoader now offers the option to purchase payloads and stubs separately for $250 and $350, respectively.
According to Zscaler’s advisory published last Friday, BunnyLoader’s command-and-control (C2) panel is at the core of its operations. This panel oversees tasks such as downloading and executing additional malware, keylogging, credential theft, manipulating the clipboard for cryptocurrency theft, and remote command execution. The C2 panel also provides statistics, client tracking, and task management, giving the threat actor extensive control over infected machines.
Zscaler’s technical analysis of BunnyLoader has revealed the malware’s persistence mechanisms, anti-sandbox tactics, and interactions with C2 servers. The malware is adept at detecting virtual environments and employs various techniques to elude analysis. The keylogger component records keystrokes, while the stealer component exfiltrates a wide range of data from web browsers, cryptocurrency wallets, and VPN clients.
One particularly worrisome feature of BunnyLoader is its clipper module. This module scans the victim’s clipboard for cryptocurrency addresses and replaces them with controlled wallet addresses, enabling the attackers to divert cryptocurrency transactions.
Security researchers Niraj Shivtarkar and Satyam Singh emphasize the evolving nature of BunnyLoader and its continuous addition of new features to carry out successful campaigns against targets. The Zscaler ThreatLabz team is committed to monitoring these attacks to ensure the safety of their customers.
BunnyLoader serves as a stark reminder of the ever-evolving and innovative nature of cyber threats. As malware continues to advance, organizations and individuals must remain vigilant in implementing robust security measures to safeguard their systems and data.
