Bunny Loader

6 months, 3 weeks ago

Introduction
 
Malware-as-a-Service (MaaS), and yes, MaaS is a real thing just like SaaS, is a business model where cybercriminals offer malware to other criminals on a subscription basis, the same way you subscribe to ChatGPT to access premium features. This model has made it easier for criminals with limited technical skills to launch cyberattacks. MaaS offerings typically include a variety of malware tools and services, such as malware creation kits, phishing kits, and botnets.
 
BunnyLoader is a recent and concerning MaaS offering that has been gaining popularity among cybercriminals. BunnyLoader is a stealer malware that can steal a variety of information from victim devices, including browser credentials, system information, and cryptocurrency wallets. BunnyLoader is also capable of downloading and executing other malware on victim devices.
 
 
BunnyLoader is being sold on various forums by a user named "PLAYER_BUNNY" or "PLAYER_BL". There is no information available on the cost or on who the typical buyers are, in case you were asking yourself these questions.
 

Capabilities and Targets

According to the Zscaler Blog, BunnyLoader is a Malware-as-a-Service (MaaS) that is sold on various forums. It is under rapid development, with multiple feature updates and bug fixes; the developers work on it full-time. BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more. BunnyLoader targets Windows machines and uses anti-sandbox techniques to avoid detection. For now, Linux and macOS users are safe. Here are some of the capabilities of BunnyLoader:
  • Downloads and executes a second-stage payload.
  • Steals browser credentials, system information, and cryptocurrency wallets.
  • Logs keystrokes and sends them to the attacker on a schedule.
  • Monitors the victim's clipboard to replace cryptocurrency wallet addresses with actor-controlled cryptocurrency wallet addresses.
  • Executes remote commands.
  • Implements anti-analysis techniques.
  • Provides a web panel showcasing stealer logs, total clients, active tasks, and much more.
According to SC Magazine, BunnyLoader is a MaaS threat that has been proliferating in hacking forums since early September 2023, so yes, it is very much new on the market. It is a continuously evolving threat that, for now, targets Windows and Linux systems. BunnyLoader is capable of a variety of malicious activities including downloading and executing second-stage payloads, browser credential and system data exfiltration, remote command execution, keystroke capture, and cryptocurrency wallet address replacement. To avoid detection, BunnyLoader modifies the Windows Registry and conducts sandbox and virtual machine checks before its malicious activity. Yes, it is that complex.
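The clipboard-swapping capability listed above has a simple defensive signature: a string that looks like a wallet address is copied, and a fraction of a second later the clipboard holds a different address of the same kind. The script below is an added example written for this post, not BunnyLoader code or any vendor's detector. It runs that detection logic over a constructed sequence of clipboard snapshots; the address regexes, the `ClipEvent` shape and the `source_pid` field are assumptions standing in for whatever your clipboard-monitoring agent actually records.

```python
"""Detect clipboard wallet-address swapping (added example, not BunnyLoader code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rough address shapes for two common chains. Assumption: a real deployment
# would add chain-specific checksum validation instead of relying on regexes.
WALLET_PATTERNS = {
    "btc": re.compile(r"^(bc1[0-9a-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the chain name if `text` looks like a wallet address, else None."""
    stripped = text.strip()
    for chain, pattern in WALLET_PATTERNS.items():
        if pattern.match(stripped):
            return chain
    return None


@dataclass
class ClipEvent:
    ts: float                   # seconds since agent start (constructed)
    text: str                   # clipboard contents after the change
    source_pid: Optional[int]   # process that set the clipboard, if the OS reports it


def find_swaps(events: List[ClipEvent], window: float = 2.0) -> List[Dict[str, object]]:
    """Flag a wallet-looking address that is replaced, within `window` seconds,
    by a *different* address of the same chain. A clipper rewrites the clipboard
    almost instantly; a human copying a second address takes far longer."""
    alerts: List[Dict[str, object]] = []
    for prev, cur in zip(events, events[1:]):
        chain = classify(prev.text)
        if chain is None or classify(cur.text) != chain:
            continue                                  # not an address-to-address change
        if prev.text.strip() == cur.text.strip():
            continue                                  # same address re-copied, benign
        if cur.ts - prev.ts <= window:
            alerts.append({
                "chain": chain,
                "original": prev.text.strip(),
                "replacement": cur.text.strip(),
                "delay": cur.ts - prev.ts,
                "source_pid": cur.source_pid,
            })
    return alerts


# Constructed clipboard history: the addresses are made-up strings that merely
# match the regexes above; pid 4242 plays the user's browser, 7777 an unknown process.
SAMPLE_EVENTS = [
    ClipEvent(10.0, "1ConstructedAddressDoNotUse", 4242),
    ClipEvent(10.3, "1SwappedAddressDoNotUseXXXX", 7777),   # swapped 300 ms later
    ClipEvent(60.0, "0x" + "a" * 40, 4242),
    ClipEvent(95.0, "0x" + "b" * 40, 4242),                 # 35 s gap: a human re-copy
    ClipEvent(120.0, "hello world", 4242),                  # not an address at all
]


if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(f"[{alert['chain']}] {alert['original']} -> {alert['replacement']} "
              f"after {alert['delay']:.2f}s by pid {alert['source_pid']}")
```

Only the first pair trips the check: same chain, different address, replaced within the window and by a process other than the one the user copied from. The ETH re-copy 35 seconds later is left alone, which is the point of the time window; tune it to your agent's polling interval rather than setting it too wide.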
 

Distribution

Let's discuss how BunnyLoader gets distributed to our machines.
BunnyLoader is delivered through phishing emails with RAR and BZ2 archives. Phishing emails are emails that are disguised to appear legitimate to trick the recipient into clicking on a malicious link or attachment. In the case of BunnyLoader, the email attachment may be a RAR or BZ2 archive that contains the BunnyLoader malware. When the victim opens the attachment, the BunnyLoader malware is installed on their device.
 
Let's talk a bit about the RAR and BZ2 archives that you use frequently in your day-to-day life.
 
  • RAR archive: RAR is a proprietary archive file format that is similar to ZIP. RAR archives can compress files more efficiently than ZIP archives, and they can also support features such as password protection and encryption. WinRAR is a popular software application that can be used to create and open RAR archives. Told you you use this software frequently.
  • BZ2 archive: BZ2 is a compressed file format that is commonly used on Unix and Linux systems. BZ2 archives can only compress single files, and they are not as widely used as ZIP or RAR archives. However, BZ2 archives can be very efficient at compressing files. You can use the bzip2 command-line tool to create and open BZ2 archives. Okay, we do not use them that often.
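Because the delivery vector is an archive attachment, a mail gateway or triage script should identify RAR and BZ2 content by its leading bytes rather than by the file name the sender chose, and should look inside a BZ2 stream for a Windows executable. The script below is an added example written for this post, not code from BunnyLoader or from any mail product. The magic-byte values for RAR4, RAR5, bzip2 and PE are real; the `triage` policy (block, scan, allow), the 1 MiB decompression cap and the sample attachments are assumptions and constructed data.

```python
"""Triage mail attachments by content, not by name (added example, not BunnyLoader code)."""
import bz2
from typing import Dict, List, Tuple

RAR4_MAGIC = b"Rar!\x1a\x07\x00"        # RAR 1.5 - 4.x signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"    # RAR 5.x signature
PE_MAGIC = b"MZ"                        # DOS/PE executable header
MAX_PEEK = 1024 * 1024                  # assumption: cap inner decompression at 1 MiB


def sniff(data: bytes) -> str:
    """Classify a blob by its leading bytes: 'rar', 'bz2', 'pe' or 'other'."""
    if data.startswith(RAR5_MAGIC) or data.startswith(RAR4_MAGIC):
        return "rar"
    # bzip2 streams start with "BZh" followed by the block-size digit 1-9.
    if len(data) >= 4 and data[:3] == b"BZh" and data[3:4] in b"123456789":
        return "bz2"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "other"


def triage(filename: str, data: bytes) -> Dict[str, object]:
    """Decide what to do with one attachment: block, scan (send to AV/sandbox) or allow."""
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings: List[str] = []

    if kind == "pe":
        findings.append("bare Windows executable")
    if kind == "rar" and ext != "rar":
        findings.append(f"RAR content behind .{ext or '(none)'} extension")
    if kind == "bz2":
        if ext not in ("bz2", "tbz", "tbz2"):
            findings.append(f"bzip2 content behind .{ext or '(none)'} extension")
        # Peek at the start of the decompressed stream only; the max_length cap
        # keeps a decompression bomb from exhausting memory on the gateway.
        try:
            inner = bz2.BZ2Decompressor().decompress(data, MAX_PEEK)
        except OSError:
            findings.append("bz2 stream does not decompress cleanly")
        else:
            if sniff(inner) == "pe":
                findings.append("bz2 archive wraps a Windows executable")

    if findings:
        action = "block"
    elif kind in ("rar", "bz2"):
        action = "scan"          # a well-named archive still needs content scanning
    else:
        action = "allow"
    return {"filename": filename, "kind": kind, "action": action, "findings": findings}


# Constructed attachments: the "PE" is just an MZ header plus filler, not a real program.
FAKE_PE = b"MZ" + b"\x00" * 62 + b"constructed fake PE body, not a real program"
SAMPLES: List[Tuple[str, bytes]] = [
    ("invoice.bz2", bz2.compress(FAKE_PE)),         # bz2 hiding an executable
    ("report.pdf", RAR5_MAGIC + b"\x00" * 32),      # RAR bytes behind a PDF name
    ("notes.txt", b"just a text note"),             # harmless
    ("logs.bz2", bz2.compress(b"plain text inside")),  # honest archive, still scan it
]


def run_samples() -> Dict[str, str]:
    """Map each constructed attachment name to the action triage chose for it."""
    return {name: str(triage(name, data)["action"]) for name, data in SAMPLES}


if __name__ == "__main__":
    for name, data in SAMPLES:
        result = triage(name, data)
        print(f"{name:12s} {result['kind']:5s} {result['action']:5s} {result['findings']}")
```

RAR cannot be opened with the standard library, so a RAR hit is handed to the scanner stage rather than inspected inline; the BZ2 branch shows the inspection a gateway can do itself. Note that bzip2 wraps a single file, so a `.bz2` attachment that unpacks straight to an MZ header is exactly the shape described in the distribution section.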
 

Defense

Here are some ways to defend against BunnyLoader. Although some tips here may be a bit general, they are very useful and are not to be overlooked.
  • Be cautious about attachments and links in emails. Phishing emails are a common way to distribute malware, so be careful about opening attachments or clicking on links in emails, especially from unknown senders. Most of these never even reach you because they languish in the spam folder, but in case one does get through, just be careful.
  • Keep your software up to date. This includes your operating system, web browser, and antivirus software. Outdated software may have vulnerabilities that attackers can exploit. If you are using an outdated system like Windows 8 or Windows 7, upgrade to the latest version; in 2024 those are very much outdated and no longer maintained.
  • Use a reputable antivirus program. A good antivirus program can help to detect and block malware before it can infect your device. Avoid unknown antivirus products; they can be malware in disguise.
  • Don't run programs from untrusted sources. Only run programs that you trust from reputable sources.
  • Back up your data regularly. In case you do get infected with malware, having a backup of your data can help you to recover your files. I am not saying you will get infected; I'm just advising you to back up your important files. Anything can happen, and with the sophisticated ways malware gets into our devices there is no telling whether you have been infected or not; at times you will just see fishy behavior from your machine.
 
The best way to protect yourself from malware is to be proactive and take steps to prevent it from infecting your device in the first place. By following these tips, you can help to keep yourself safe from BunnyLoader and other types of malware.
 
It is important to note that BunnyLoader is a new and rapidly developing malware program at the time of writing. New variants may be able to bypass these defenses. So, staying updated on the latest threats and implementing new security measures is important.
 

Conclusion

Bunny Loader presents a significant threat due to its ease of access, wide range of functionalities, and continuous development. While technical users can utilize its features for complex attacks, the low cost makes it accessible to a broader range of cyber criminals. This democratization of advanced malware is a worrying trend, highlighting the importance of robust cyber security practices for individuals and organizations alike.
 
By employing strong anti-virus software, maintaining software updates, and exercising caution with email attachments and links, users can significantly reduce the risk of infection. However, staying informed about emerging threats and adapting security measures remains crucial in the ever-evolving cyber threat landscape.
 