BunnyLoader: The Latest Malware-as-a-Service (MaaS) Threat on the Dark Web


Security experts have unearthed a new Malware-as-a-Service (MaaS) threat called BunnyLoader, available for purchase on the dark web. This C/C++-based loader offers a range of functionality, including executing payloads and stealing browser credentials, and presents a significant threat to cybersecurity.

Key Capabilities:

BunnyLoader, priced at $250 for a lifetime license, is a multifaceted malware with an array of features. These include downloading and executing second-stage payloads, harvesting browser credentials and system information, and a clipper function to replace cryptocurrency wallet addresses. Notably, it also boasts a fileless loading feature, making it a formidable adversary against antivirus software.

Continuous Development and Updates:

Since its debut on September 4, 2023, BunnyLoader has been under active development, with regular updates incorporating anti-sandbox and antivirus evasion techniques. Critical issues, including command-and-control (C2) panel flaws, have been addressed in updates released on September 15 and September 27, 2023.

Infiltration and Persistence:

The exact method of initial access used to distribute BunnyLoader remains unclear. Once installed, the malware establishes persistence through a Windows Registry change. It then runs rigorous sandbox and virtual machine checks before carrying out its malicious actions, which it does by communicating with a remote server.

Advanced Tasks and Data Theft:

BunnyLoader excels at Trojan Downloader tasks to fetch and execute subsequent malware, Intruder operations for keylogging and data theft, and Clipper functionality for redirecting cryptocurrency payments. It then encapsulates the collected data into a ZIP archive for transmission.

Evolution and Ongoing Threat:

BunnyLoader represents a constantly evolving MaaS threat, refining tactics and adding new features for successful campaigns. Its adaptability makes it a potent tool for cybercriminals seeking to exploit vulnerabilities.

The emergence of BunnyLoader underscores the dynamic landscape of cyber threats. As this malware continues to evolve, vigilance and robust security measures are essential to safeguard against potential attacks. Stay informed and stay secure.
