In the ever-evolving landscape of cyber threats, a new player has emerged on the scene – BunnyLoader. This malware-as-a-service (MaaS) threat has recently surfaced in the cybercrime underground, offering a range of dangerous capabilities for cybercriminals. BunnyLoader is notable for its ability to evade detection by security tools.
In this article, we look at BunnyLoader in more detail: its features, how it operates, and the implications it poses for cybersecurity.
Cybersecurity experts have raised alarm bells as they unveil BunnyLoader, a malevolent software that is up for sale on the dark web.
BunnyLoader boasts a broad range of capabilities, which are described below.
Once BunnyLoader is installed on a user’s device, it sets up persistence by creating a new entry in the Windows Registry. The malware then performs a series of checks to determine whether it is running in a sandbox or virtual machine. If it is not, BunnyLoader begins its malicious activity.
BunnyLoader starts by sending a task request to its remote command and control (C2) server. The C2 server will then respond with a task for BunnyLoader to perform. This task could be to download and execute a second-stage malware payload, steal data from the victim’s device, or redirect cryptocurrency payments to the attacker’s wallet.
BunnyLoader then collects the requested data and compresses it into a ZIP archive. The malware then transmits the ZIP archive to the C2 server. The attackers can then access the stolen data from the C2 server.
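The three stages just described (Registry persistence, staging stolen data in a ZIP archive, and transmitting it to the C2 server) leave a correlatable trail in endpoint telemetry. The following Python script is an added example, not part of this article and not derived from BunnyLoader samples: it hunts for that sequence in Sysmon-style JSON events (EventID 13 registry value set, EventID 11 file create, EventID 3 outbound connection) and scores each process. The event records, paths and IP addresses in `SAMPLE_EVENTS` are constructed for illustration only and are not indicators of compromise.

```python
"""Hunt for the persistence -> ZIP staging -> outbound connection pattern
in Sysmon-style JSON events.  Added example; SAMPLE_EVENTS below is
constructed test data, not real telemetry or BunnyLoader indicators."""
import json
from collections import defaultdict

# Autorun Registry locations commonly used for persistence (lower-case
# substrings matched against the event's TargetObject).
AUTORUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Path fragments that an unprivileged user can write to; a process that
# persists from such a location deserves a closer look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# Constructed sample events, one JSON object per line (NOT real data).
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Windows\\explorer.exe", "ProcessId": 4120}
{"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe", "ProcessId": 5232, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe"}
{"EventID": 11, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe", "ProcessId": 5232, "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\out.zip"}
{"EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe", "ProcessId": 5232, "DestinationIp": "203.0.113.10", "DestinationPort": 80, "Initiated": "true"}
{"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe", "ProcessId": 6100, "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent", "Details": "C:\\Program Files\\Vendor\\agent.exe"}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "ProcessId": 7001, "DestinationIp": "198.51.100.5", "DestinationPort": 443, "Initiated": "true"}
"""


def is_autorun_write(event):
    """True when a Sysmon registry-value-set event targets an autorun key."""
    if event.get("EventID") != 13:
        return False
    target = event.get("TargetObject", "").lower()
    return any(key in target for key in AUTORUN_KEYS)


def is_user_writable_path(path):
    """True when the image path sits under a user-writable directory."""
    return any(fragment in path.lower() for fragment in USER_WRITABLE)


def hunt(log_text):
    """Correlate events per process and return findings scoring >= 3."""
    per_proc = defaultdict(lambda: {"image": "", "autorun": [], "zip": [], "net": []})
    for line in log_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        rec = per_proc[ev["ProcessId"]]
        rec["image"] = ev.get("Image", rec["image"])
        if is_autorun_write(ev):
            rec["autorun"].append(ev["TargetObject"])
        elif ev.get("EventID") == 11 and ev.get("TargetFilename", "").lower().endswith(".zip"):
            rec["zip"].append(ev["TargetFilename"])
        elif ev.get("EventID") == 3 and ev.get("Initiated") == "true":
            rec["net"].append((ev["DestinationIp"], ev["DestinationPort"]))

    findings = []
    for pid, rec in per_proc.items():
        score, reasons = 0, []
        if rec["autorun"]:
            score += 1
            reasons.append("autorun registry write")
            if is_user_writable_path(rec["image"]):
                score += 1
                reasons.append("persisting image lives in a user-writable path")
        if rec["zip"]:
            score += 1
            reasons.append("zip archive staged on disk")
        if rec["net"] and (rec["autorun"] or rec["zip"]):
            score += 1
            reasons.append("outbound connection after persistence/staging")
        # A single autorun write (e.g. a legitimate installer) scores 1 and
        # is not reported; the full chain is needed to raise a finding.
        if score >= 3:
            findings.append({"pid": pid, "image": rec["image"], "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(json.dumps(finding, indent=2))
```

On the constructed sample the only finding is process 5232, which writes a Run key pointing at an executable in a Temp directory, creates a ZIP archive and then connects outbound; the vendor installer that merely registers an autorun value scores too low to be reported. In practice the thresholds and the list of user-writable paths would be tuned to the environment, and the events would come from a SIEM export rather than an inline string.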
BunnyLoader, priced at $250 for a lifetime license, has been in development since its debut on September 4, 2023. The malware’s authors have consistently updated it, introducing new features and enhancements. These updates include anti-sandbox and antivirus evasion techniques, making the malware even more challenging to detect and remove.
Recent updates on September 15 and September 27, 2023, addressed issues with command-and-control (C2) functionality and critical SQL injection flaws in the C2 panel, preventing unauthorized access to the database.
One of the standout features of this malware, as highlighted by its author PLAYER_BUNNY (aka PLAYER_BL), is its fileless loading capability. This feature makes it exceedingly difficult for antivirus solutions to remove the malware from the system, allowing it to persist on compromised systems and increasing the risk of ransomware attacks against businesses.
BunnyLoader’s command-and-control (C2) panel offers a range of options for cybercriminals. Buyers can monitor active tasks, infection statistics, connected hosts, and stealer logs. They can also remotely control compromised machines and purge information as needed.
While the exact initial access mechanism for BunnyLoader remains unclear, once installed, it establishes persistence by modifying the Windows Registry. It meticulously checks for sandbox and virtual machine environments before initiating malicious activities. This includes downloading and executing next-stage malware, running keyloggers and data stealers, and redirecting cryptocurrency payments.
In addition to BunnyLoader, the cybersecurity community has also identified other threats such as MidgeDropper, Agniane Stealer, and The-Murk-Stealer. These malicious tools further underscore the need for proactive cybersecurity strategies to protect individuals and organizations from the growing menace of cybercrime.
BunnyLoader is a significant threat to organizations of all sizes. The malware can be used to steal sensitive data, disrupt operations, and even extort money from victims. Its continuous development and evolving tactics make it a formidable adversary for cybersecurity professionals. Every business and organization should therefore take steps to protect itself from BunnyLoader by keeping software up to date, using strong antivirus software, educating employees about cybersecurity, and implementing security best practices.
As we confront the emergence of such advanced threats, it is imperative to stay vigilant and invest in robust cybersecurity measures to keep your organization secure.