BHUNT password stealer designed to target cryptocurrency wallets

February 10, 2022

The newest addition to the threats that target the cryptocurrency community was discovered recently: a password-stealing malware called BHUNT that is infecting crypto wallets worldwide.

With the ever-growing community of cryptocurrency users, threat actors find and develop ways to take advantage of online currency. Based on reports, BHUNT is an evasive malware that specialises in obtaining access to crypto wallets and is being reproduced and propagated across the entire cybercriminal landscape.

BHUNT is a new crypto stealer strain that experts first spotted in the early weeks of January 2022. It is coded in .NET and can steal wallet content from Atomic, Bitcoin, Electrum, Ethereum, Exodus, and many more.

The new malware can also gather passwords saved in web browsers and passphrases stored in the clipboard. It is being operated across different countries such as Australia, Indonesia, Japan, Singapore, Malaysia, India, Egypt, South Africa, Germany, Norway, Spain, and the US.

 

The infection process of BHUNT starts with the activation of a dropper that codes encrypted binaries. The actors encrypt these binary files with packers such as Themida and VMProtect.

 

The primary element (the .NET malware) is then deployed, and the end products are transferred to a secured remote server. It also utilises configuration scripts downloaded from Pastebin webpages.

Based on an analysis, researchers discovered that BHUNT samples were digitally signed with a certificate issued to a software firm. However, the certificate does not match the binaries mentioned earlier.
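A signature that does not match its binary is something a defender can check for directly. The following is an added example, not part of the original article or the researchers' tooling: it lists executables that carry a signer certificate but whose Authenticode signature does not validate for the file. It assumes the mismatch shows up as a non-`Valid` status (for example `HashMismatch`), and the default scan directory is an arbitrary choice.

```powershell
# Added example: find signed executables whose Authenticode signature
# does not validate for the file it is attached to.
param(
    # Assumption: directory to triage; defaults to the current user's Downloads folder.
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

function Get-MismatchedSignature {
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            # Unsigned files have no SignerCertificate and are skipped here.
            # A certificate plus a status other than Valid is the case of interest:
            # HashMismatch means the signed digest does not match the file contents,
            # NotTrusted means the chain does not lead to a trusted root.
            if ($sig.SignerCertificate -and $sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    File       = $_.FullName
                    Status     = $sig.Status
                    Signer     = $sig.SignerCertificate.Subject
                    Thumbprint = $sig.SignerCertificate.Thumbprint
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

Get-MismatchedSignature -Root $Path |
    Sort-Object Status, File |
    Format-List
```

A hit is a lead for triage rather than a verdict: expired or self-signed certificates on legitimate software also produce a non-`Valid` status.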

The emergence of BHUNT implies that threat actors utilise various ways to acquire cryptocurrency. As of now, threat actors are using weapons such as info stealers, clippers, cryptojackers, password stealers, and trojans to obtain cryptocurrency illegally.

The cybersecurity community has been battling malware for years now. Utilising malware to heist cryptocurrency shows a need to upgrade all security providers’ defence mechanisms.

BHUNT is a developing malware that seems to have vast potential to become a massive threat to everyone. Thus, experts suggest that users avoid downloading software from third-party stores or unknown sources.