A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal.
“BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard,” Bitdefender researchers said in a technical report on Wednesday.
The campaign, distributed globally across Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S., is suspected to be delivered to compromised systems via cracked software installers.
The modus operandi of using cracks as an infection source for initial access mirrors similar cybercrime campaigns that have leveraged tools such as KMSPico as a conduit for deploying malware. “Most infected users also had some form of crack for Windows (KMS) on their systems,” the researchers noted.
The attack sequence starts with the execution of an initial dropper, which proceeds to write heavily encrypted interim binaries that are then used to launch the main component of the stealer: a .NET malware that incorporates different modules to facilitate its malicious activities, the results of which are exfiltrated to a remote server.
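The behaviour the report describes, an unexpected process reading wallet files on disk, is something a defender can hunt for in Windows object-access audit logs (Security event 4663, which records the process and the file when a SACL is set on the folder). The script below is an added illustration written for this page, not code from Bitdefender or from the BHUNT samples: it parses constructed 4663-style records, matches the file against the default storage locations of the wallets named in the report (the paths and the allow-listed wallet executables are assumptions drawn from those products' default installs, not from the article), and raises an alert when a read comes from any other process. The sample log lines and the process name `svc_update.exe` are constructed for the example.

```python
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    wallet: str
    process: str
    path: str


# Default wallet storage locations (lower-cased glob patterns) and the executables that
# legitimately open them. ASSUMPTION: taken from the products' default installs; adjust
# to the builds deployed in your environment.
WALLET_LOCATIONS = [
    ("Exodus",   r"*\appdata\roaming\exodus\exodus.wallet\*",          ("exodus.exe",)),
    ("Electrum", r"*\appdata\roaming\electrum\wallets\*",              ("electrum*.exe",)),
    ("Atomic",   r"*\appdata\roaming\atomic\local storage\leveldb\*",  ("atomic wallet.exe",)),
    ("Jaxx",     r"*\appdata\roaming\com.liberty.jaxx\indexeddb\*",    ("jaxx liberty.exe",)),
    ("Ethereum", r"*\appdata\roaming\ethereum\keystore\*",             ("geth.exe",)),
    ("Bitcoin",  r"*\appdata\roaming\bitcoin\*wallet.dat",             ("bitcoin-qt.exe", "bitcoind.exe")),
    ("Litecoin", r"*\appdata\roaming\litecoin\*wallet.dat",            ("litecoin-qt.exe", "litecoind.exe")),
]

READ_DATA = 0x1  # ACCESS_MASK bit for ReadData / ListDirectory in a 4663 event


def parse_event(line):
    """Parse a flattened 4663 record: '4663|ProcessName=...|ObjectName=...|AccessMask=0x..'.

    Returns None for any other event ID. The pipe-separated layout is a constructed
    stand-in for whatever your SIEM exports; only the three fields matter here.
    """
    fields = line.strip().split("|")
    if not fields or fields[0] != "4663":
        return None
    kv = dict(f.split("=", 1) for f in fields[1:])
    return {
        "process": kv["ProcessName"],
        "object": kv["ObjectName"],
        "mask": int(kv["AccessMask"], 16),
    }


def classify(process_path, object_path):
    """Return an Alert if object_path is a known wallet store opened by a non-wallet process."""
    proc = process_path.rsplit("\\", 1)[-1].lower()
    obj = object_path.lower()
    for wallet, pattern, allowed in WALLET_LOCATIONS:
        if fnmatch.fnmatchcase(obj, pattern):
            if any(fnmatch.fnmatchcase(proc, a) for a in allowed):
                return None  # the wallet's own binary reading its own store
            return Alert(wallet, proc, object_path)
    return None


def hunt(lines):
    """Run the detection over raw log lines and return the alerts in log order."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or not ev["mask"] & READ_DATA:
            continue  # not a 4663 event, or no read access requested
        alert = classify(ev["process"], ev["object"])
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: one benign Exodus read, two reads of wallet stores by a process
# dropped in %TEMP% (the pattern a stealer produces), a benign Bitcoin Core read,
# a write-only handle from svchost, and an unrelated 4656 event.
SAMPLE_EVENTS = [
    r"4663|ProcessName=C:\Users\alice\AppData\Local\Programs\Exodus\Exodus.exe|ObjectName=C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco|AccessMask=0x1",
    r"4663|ProcessName=C:\Users\alice\AppData\Local\Temp\svc_update.exe|ObjectName=C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco|AccessMask=0x1",
    r"4663|ProcessName=C:\Users\alice\AppData\Local\Temp\svc_update.exe|ObjectName=C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet|AccessMask=0x1",
    r"4663|ProcessName=C:\Program Files\Bitcoin\bitcoin-qt.exe|ObjectName=C:\Users\alice\AppData\Roaming\Bitcoin\wallets\main\wallet.dat|AccessMask=0x1",
    r"4663|ProcessName=C:\Windows\System32\svchost.exe|ObjectName=C:\Users\alice\AppData\Roaming\Bitcoin\wallets\main\wallet.dat|AccessMask=0x2",
    r"4656|ProcessName=C:\Windows\explorer.exe|ObjectName=C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet|AccessMask=0x1",
]

if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(f"[{a.wallet}] {a.process} read {a.path}")
```

Event 4663 is only generated for folders that carry an audit SACL, so the wallet directories have to be enrolled in object-access auditing before this produces anything; the allow-list is deliberately narrow, because a stealer that injects into the wallet's own process would not be caught by file-access telemetry alone.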
Read more: https://bit.ly/3rxO6QD