Security researchers recently detected a new modular stealer called BHUNT, written in .NET and capable of exfiltrating cryptocurrency wallets, including Atomic, Exodus, Ethereum, Jazz, Bitcoin, and Litecoin wallets. The malicious campaign targets Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the US, and is unfortunately likely to spread further among users around the world.

The Bitdefender researchers who found the malware named it BHUNT, after the name of its main assembly. BHUNT is, in fact, a new malware family built to steal cryptocurrency wallets. Their analysis also revealed that the BHUNT stealer's execution flow differs from that of other stealers.

The malware binaries appear to be protected with commercial packers such as Themida and VMProtect. The samples the researchers identified were digitally signed with a certificate issued to a software company.

As for the malware's components, they specialize in stealing crypto wallet files such as wallet.dat and seed.seco, clipboard contents, and the passphrases needed to recover accounts.

It is also noteworthy that the malware uses encrypted setup scripts downloaded from public Pastebin pages. Its other components are designed to steal passwords, cookies, and other sensitive details stored in the Google Chrome and Mozilla Firefox browsers, so taking security measures does not hurt, as this threat can do a lot of damage.

Bitdefender gives recommendations to avoid getting infected by BHUNT or other similar password-stealing malware. “The most effective way to defend against this threat is to avoid installing software from untrustworthy sources and to keep security solutions up to date,” Bitdefender's security experts said.
