Date: 2023-10-03

Another malware-as-a-service threat has emerged in the form of BunnyLoader, which has been proliferating in hacking forums since early last month, reports The Hacker News.
Aside from featuring second-stage payload downloading and execution capabilities, BunnyLoader could also facilitate browser credential and system data exfiltration, remote command execution, keystroke captures, and cryptocurrency wallet replacements, according to a Zscaler ThreatLabz report. Continuous improvements have been applied to BunnyLoader since its debut on Sept. 4, with developers addressing command-and-control flaws and critical SQL injection bugs, as well as adding antivirus bypass and anti-sandbox features in updates.
Researchers discovered that, on installation, BunnyLoader modifies the Windows Registry and conducts sandbox and virtual machine checks before retrieving the Trojan Downloader and Clipper and exfiltrating the gathered data in a ZIP archive.
"BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets," said researchers.