2 min Security

Malware-as-a-Service BunnyLoader sends your sensitive data in a ZIP to hackers

Malware-as-a-Service BunnyLoader sends your sensitive data in a ZIP to hackers

Zscaler ThreatLabz has discovered a new Malware-as-a-Service threat. The malware is listed for sale on various forums for $250.

The malware BunnyLoader was recently discovered by security researchers at Zscaler ThreatLabz. On devices where the malware is active, hackers record keyboard activity and take control of the clipboard. In addition, it is possible to steal browser data and system information, but crypto wallets are also at risk.

All the information the malware collects in the background reaches the hackers via a ZIP archive. The stolen information can deal with credit card data, passwords, downloads, credentials from VPN services, chat applications and crypto-wallets.

Small price, high success rate

On several online platforms, researchers discovered the trading of BunnyLoader. The purchase price is $250, but due to the collection of credentials and credit card information, it can easily yield a multiple of this.

Moreover, the malware appears to be resistant. At a rapid pace, the malware is expanding with updates and bug fixes. This makes the success rate for the malware high. The first version of the Malware-as-a-Service was introduced on Sept. 4, 2023, according to the researchers. On Sept. 27, 2023, the malware would have been succeeded by a second version after nine smaller updates had already been implemented.

As of late September, the malware is available with a C2 Panel. That panel allows hackers to execute more malware and is required to record a victim’s physical keyboard activity and clipboard activity.

Also read: Hackers figure out your computer’s location via malware Whiffy Recon