fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New BHUNT Malware Targets your Crypto Wallets and Passwords

New BHUNT Malware Targets your Crypto Wallets and Passwords

A novel modular crypto-wallet stealing malware dubbed ‘BHUNT’ has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases.

This is yet another crypto-stealer added to a large pile of malware that targets digital currency, but it is worth special attention due to its stealthiness.

Infection vector

The discovery and analysis of the new BHUNT malware come from Bitdefender, who shared their findings with Bleeping Computer before publishing.

Also Read: National Cybersecurity Awareness Campaign of Singapore: Better Cyber Safe than Sorry

To evade detection and triggering security warnings, BHUNT is packed and heavily encrypted using Themida and VMProtect, two virtual machine packers that hinder reverse-engineering and analysis by researchers.

The threat actors signed the malware executable with a digital signature stolen from Piriform, the makers of CCleaner. However, as the malware developers copied it from an unrelated executable, it’s marked as invalid due to a binary mismatch.

Invalid signature on the main executable
Invalid signature on the main executable
Source: Bitdefender

Bitdefender discovered that BHUNT is injected into explorer.exe and is likely delivered to the compromised system via KMSpico downloads, a popular utility for illegally activating Microsoft products.

KMS (Key Management Services) is a Microsoft license activation system that software pirates frequently abuse to activate Windows and Office products.

BleepingComputer recently reported a similar case of malicious KMSPico activators dropping cryptocurrency-wallet stealers to pirates’ systems.

This malware has been detected worldwide, with its greatest concentration of infected users in India, shown in the heat map below.

BHUNT victim heatmap
BHUNT victim heatmap
Source: Bitdefender

BHUNT modules

The main component of BHUNT is ‘mscrlib.exe,’ which extracts further modules that are launched on an infected system to perform different malicious behavior.

BHUNT's execution flow
BHUNT’s execution flow
Source: Bitdefender

Each module is designed for a specific purpose ranging from stealing cryptocurrency wallets to stealing passwords. Using a modular approach, the threat actors can customize BHUNT for different campaigns or easily add new features.


Also Read: Revised Technology Risk Management Guidelines of Singapore

The current modules included in the BHUNT ‘mscrlib.exe’ executable are described below:

  • blackjack – steals wallet file contents, encodes it with base 64, and uploads it to the C2 server
  • chaos_crew – downloads payloads
  • golden7 – steals passwords from the clipboard and uploads the files to the C2 server
  • Sweet_Bonanza – steals information from browsers (Chrome, IE, Firefox, Opera, Safari)
  • mrpropper – cleans up traces (argument files)

The targeted wallets are Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, and Litecoin.

As you can see in the code snippet below, the blackjack module is used to search for and steal cryptocurrency wallets on a user’s device and send them to a remote server under the attacker’s control.

Blackjack's stealing function
Blackjack’s stealing function
Source: Bitdefender

Once the threat actor gains access to the wallet’s seed or configuration file, they can use it to import the wallet on their own devices and steal the contained cryptocurrency.

Although BHUNT’s focus is clearly financial, its information-stealing capabilities could enable its operators to gather much more than just crypto-wallet data.

“While the malware primarily focuses on stealing information related to cryptocurrency wallets, it can also harvest passwords and cookies stored in browser caches,” – explains Bitdefender’s report.

“This might include account passwords for social media, banking, etc. that might even result in an online identity takeover.”

To avoid being infected by BHUNT, you should simply avoid downloading pirated software, cracks, and illegitimate product activators.

As it’s been proven repeatedly, the projected financial savings from using pirated software are insignificant compared to the damage they can cause to infected systems.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us