BunnyLoader: A New Malware-as-a-Service (MaaS) Threat Unleashed in the Dark Web


In the ever-evolving landscape of cyber threats, a new player has emerged on the scene – BunnyLoader. This malware-as-a-service (MaaS) threat has recently surfaced in the cybercrime underground, offering a range of dangerous capabilities for cybercriminals. BunnyLoader is notable for its ability to evade detection by security tools.

In this article, we look at BunnyLoader in more detail: its features, how it operates, and the implications it has for defenders.

Cybersecurity experts have raised alarm bells as they unveil BunnyLoader, a malevolent software that is up for sale on the dark web.

BunnyLoader boasts a broad range of capabilities, including:

  • Payload Execution: BunnyLoader can download and execute a second-stage payload on compromised systems.
  • Credential Theft: It is capable of stealing browser credentials and system information, putting user data at risk.
  • Remote Control: Cybercriminals can remotely command and control infected machines, giving them unprecedented access to victims’ systems.
  • Keylogging: The malware comes equipped with a keylogger, enabling the capture of keystrokes and sensitive information.
  • Clipboard Monitoring: BunnyLoader features a clipper functionality, allowing attackers to monitor and replace content on victims’ clipboards, particularly cryptocurrency wallet addresses.

How BunnyLoader works

Once BunnyLoader is installed on a user’s device, it sets up persistence by creating a new entry in the Windows Registry. The malware then performs a series of checks to determine whether it is running in a sandbox or virtual machine. If it is not, BunnyLoader begins its malicious activity.

BunnyLoader starts by sending a task request to its remote command-and-control (C2) server. The C2 server responds with a task for BunnyLoader to perform. This task could be to download and execute a second-stage malware payload, steal data from the victim’s device, or redirect cryptocurrency payments to the attacker’s wallet.

BunnyLoader then collects the requested data, compresses it into a ZIP archive, and transmits the archive to the C2 server, from which the attackers retrieve the stolen data.

Tips for protecting against BunnyLoader and other MaaS threats:

  • Be careful about the emails you open and the links you click. Phishing emails are a common way for attackers to distribute MaaS threats and open the door to ransomware.
  • Be very careful about which tools you download and install. Only download software from trusted sources.
  • Use a firewall and keep it up to date. A firewall can help to block unauthorized traffic to your devices.
  • Regularly back up your data. In the event of a malware infection, you can restore your data from backup.

BunnyLoader, priced at $250 for a lifetime license, has been in development since its debut on September 4, 2023. The malware’s authors have consistently updated it, introducing new features and enhancements. These updates include anti-sandbox and antivirus evasion techniques, making the malware even more challenging to detect and remove.

Recent updates on September 15 and September 27, 2023, addressed issues with command-and-control (C2) functionality and critical SQL injection flaws in the C2 panel, preventing unauthorized access to the database.

One of the standout features of this malware, as highlighted by its author PLAYER_BUNNY (aka PLAYER_BL), is its fileless loading capability. This feature makes it exceedingly difficult for antivirus solutions to remove the malware from the system, allowing it to persist on compromised systems and increasing the risk of follow-on ransomware attacks against businesses.

BunnyLoader’s command-and-control (C2) panel offers a range of options for cybercriminals. Buyers can monitor active tasks, infection statistics, connected hosts, and stealer logs. They can also remotely control compromised machines and purge information as needed.

While the exact initial access mechanism for BunnyLoader remains unclear, once installed, it establishes persistence by modifying the Windows Registry. It meticulously checks for sandbox and virtual machine environments before initiating malicious activities. This includes downloading and executing next-stage malware, running keyloggers and data stealers, and redirecting cryptocurrency payments.

In addition to BunnyLoader, the cybersecurity community has also identified other threats such as MidgeDropper, Agniane Stealer, and The-Murk-Stealer. These malicious tools further underscore the need for proactive cybersecurity strategies to protect individuals and organizations from the growing menace of cybercrime.

Conclusion

BunnyLoader is a significant threat to organizations of all sizes. The malware can be used to steal sensitive data, disrupt operations, and even extort money from victims. Its continuous development and evolving tactics make it a formidable adversary for cybersecurity professionals. Every business and organization should therefore take steps to protect itself from BunnyLoader by keeping software up to date, using strong antivirus software, educating employees about cybersecurity, and implementing security best practices.

As we confront the emergence of such advanced threats, it is imperative to stay vigilant and invest in robust cybersecurity measures to keep your organization secure.
