Bitdefender researchers talked about a new modular BHUNT malware that steals the contents of cryptocurrency wallets, passwords and secret phrases.
The new malware is spreading all over the world: in Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain and the USA. The exact mechanism for delivering malware to users’ machines is still unclear, but experts suspect that hacked installers of various software are used for this.
If you’re interested, check out: Malware vs. virus difference explained.
The use of cracks as a source of infection is not a new trend, for example, earlier in such campaigns, tools such as KMSPico were used to deploy malware.
The main component of BHUNT is mscrlib.exe, which extracts additional modules that run on the infected system to perform various malicious actions.
Each of these modules is designed for a specific purpose, from stealing cryptocurrencies to stealing passwords. The following modules are currently included in the BHUNT executable:
- blackjack: steals the contents of the wallet file, encrypts with base 64 and uploads to the server of criminals;
- chaos_crew: loads additional payloads;
- golden7: steals passwords from the clipboard and uploads files to the hacker’s server;
- sweet_Bonanza: steals information from browsers (Chrome, IE, Firefox, Opera, Safari);
- mrpropper: cleans up traces left in the system.
The company emphasized that the most effective way to protect against such threats is to avoid installing software from untrusted sources and install updates in a timely manner (including for security products).
Let me remind you that we also wrote that Scammers spread malware under the mask of the Brave browser.