
BunnyLoader: Novel Feature-Rich MaaS Targets Cryptocurrencies and VPNs

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

A dangerous new malware-as-a-service (MaaS) is up for sale on various dark web forums. The multi-feature malware, called BunnyLoader, comes laden with various functionalities, from stealing system and browser information to executing a second-stage payload.

With regular bug fixes and feature updates, the MaaS tool's basic version is available for $250 (lifetime license). The 'payload + stub' version, featuring advanced anti-analysis and persistence techniques, bug fixes, database access, and more, is available for $350, Zscaler ThreatLabz researchers revealed.

Primarily written in C/C++, the tool is a fileless loader that deploys different sandbox identification and antivirus evasion techniques to avoid detection. Since its launch in early September, BunnyLoader has been enriched with more capabilities.

Its command-and-control (C2) panel allows a hacker to perform various tasks including keylogging via an integrated keylogger, deploying additional malware, remote command execution, monitoring clipboards, hijacking crypto wallet addresses, and stealing credentials.

The C2 panel also enables the threat actor to oversee the success of their campaign by providing information such as infection statistics, ongoing tasks, stealer logs, and the total number of connected and disconnected devices.

The cloud security company also revealed how BunnyLoader functions by analyzing a malware sample of the MaaS tool. The malware maintained persistence by creating a new registry value. It also created a mutex, performed various anti-analysis checks, and connected to its C2 server.

When connected to the C2, the malware can exfiltrate system information such as the host system's location, IP address, system version, administrative privileges, and the antivirus in use.

In addition to monitoring and stealing from the host, the malware has modules to log credentials from different browsers, VPNs (OpenVPN & ProtonVPN), messaging applications, and cryptocurrency wallets.

All the stolen data is compressed into a ZIP archive and transferred to the threat actor-controlled C2 server.

According to the researchers, the malware will continue to gain prominence in the time to come, due to its feature-rich capabilities. "BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets."


Rising Malware Threat: Bing Chat Responses Infiltrated by Malicious Ads

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Bing Chat, an AI-assisted search engine, is facing a serious security issue, as cybercriminals use deceptive ads to lure unsuspecting users into downloading malware.

Harnessing the capabilities of OpenAI's GPT-4, Microsoft launched Bing Chat in February 2023. Within a few months, the interactive text and image search application achieved impressive user engagement numbers. In a period of six months, the AI-powered search tool recorded over 1 billion chats.

The growing popularity of this tool, as well as the possibility of incorporating ads into Bing Chat, made it quite popular among advertisers hoping to reach a large user base.

The discovery was made by researchers at Malwarebytes, who demonstrated this malvertising technique. Users looking for software downloads were tricked into visiting counterfeit websites and prompted to install malicious installers directly from Bing Chat responses.

One of the ways ads were displayed in Bing Chat conversations was when a user hovered over a link: an ad was displayed ahead of the organic search result. The Malwarebytes researchers tried this method by asking the chat how to download the Advanced IP Scanner program used by network administrators.

Despite an 'Ad' label being displayed next to these links, users would inadvertently click this seemingly legitimate malvertising link, which would redirect them to the phishing sites.

According to the company, these websites check the users' IP address, time zone, and various other system settings to filter virtual machines from real users. Real users were then sent to fake sites mimicking official ones, while virtual machines were sent to decoy pages. The next step was to trick the users into downloading and installing the malicious installer.

"Threat actors continue to leverage search ads to redirect users to malicious sites hosting malware," said the company. In this case, an unknown hacker had hacked into a legitimate Australian business ad account and created two separate ads.

The researchers also highlighted the need for users to stay vigilant when they click on links and visit websites. They also recommended the use of security tools that provide web protection, help detect malware, and block ads. Malwarebytes reported this security incident to Microsoft.