Bunny Vs. Clippy
In the shadows of the cyber underworld, a new software product is quietly gaining popularity. Named ‘BunnyLoader’, this malware-as-a-service (MaaS) has caught the attention of cybersecurity researchers, who have tracked its emergence on various hacker forums. Dressed up as a fileless loader, this virtual trojan horse nefariously substitutes the genuine contents of a system’s clipboard with its own payload.
The malware is anything but dormant; its evolution is evidently rapid and strident. It currently brandishes an intimidating arsenal that includes keylogging, downloading and execution of payloads, remote commands operation, and theft of sensitive data and cryptocurrency.
BunnyLoader hopped onto the scene on September 4th, displaying a lean list of functions, but it wasn’t to stay a lightweight for long. Its creators diligently added new features like multiple mechanisms of evading detection and beefed up its information pilfering capabilities, culminating in a comprehensive second version rolling out by the month-end.
Multi-Stage Bunnies
According to researchers at cloud security firm Zscaler, BunnyLoader has been set for a meteoric rise, being embraced heartily by cybercriminals who find its mix of feature-rich malware at such a low price hard to resist.
The command and control panel on BunnyLoader is user-friendly, which allows even cybercriminals with basic computing skills to execute its wide range of functions. These include setting a second-stage payload, activating keyloggers, pilfering credentials, meddling with clipboards (a useful tool for siphoning off cryptocurrency), and issuing remote commands on the compromised devices.
Their recent report outlines the modus operandi of BunnyLoader. Once executed on a compromised device, and before it starts creating havoc, BunnyLoader performs a ritual of persistence drive by creating a new value in the Windows Registry. This is followed by cunningly hiding its window of operation, tying up resources to stop duplicative instances, and registering the poor victim into the control panel.
Bunnies Stealing Crypto
For $300, This tactical bunny will own your adversaries.
Besides clipping sensitive data from web browsers, VPNs, messaging apps, and more, BunnyLoader also secures a hold on data on cryptocurrency wallets. Once in its possession, it compresses all stolen material into a compact ZIP file before smuggling them out to the culprit’s command and control server, making itself a quite standard, albeit highly proficient, info thief.
And if it finds itself in a sandbox or simulated environment? This clever piece of malware stages an architectural incompatibility error to throw off suspicion.
In a fascinating feed of updates, BunnyLoader has undergone continuous reforms since its inception, with Zscaler playing a close spectator. It has been tracking BunnyLoader’s numerous updates across multiple hacking forums.
Bargain Bunny Pricing!
Currently available at a price of $250, BunnyLoader also comes in a fancier “private stub” version, which houses additional persistence mechanisms, in-memory injection, robust anti-analysis, and AV evasion, all for $100 more.
BunnyLoader’s low pricing strategy coupled with its innovative development cycle make it an attractive proposition for those involved in cybercrime. Zscaler’s detailed report stands as an invaluable resource, providing technical insights and key indicators that could preempt the malware from rooting itself or even prevent possible infections.
