The sudden surge in cryptocurrency demand has brought with it a surge of cybercriminals who plan on stealing those crypto coins for financial gain. They are coming up with new stealer malware that specializes in gaining access to crypto wallets. One such new evasive crypto stealer is in town and is following in the footsteps of Redline Stealer, WeSteal, and CryptBot. Named BHUNT, the malware has been propagated across the world.

Diving into details

BHUNT is a new crypto stealer family and was spotted by Bitdefender. It is written in .NET and is capable of pilfering wallet content from Electrum, Bitcoin, Ethereum, Exodus, and Atomic, among others. 
  • It can also exfiltrate passwords stored in browsers and passphrases captured from clipboards. 
  • The campaign is active across the U.S., Australia, Germany, Egypt, Japan, Indonesia, India, Malaysia, South Africa, Singapore, Norway, and Spain. 
  • Experts surmise that it is delivered via cracked software installers. 

Modus operandi

The infection chain commences with the execution of a dropper that writes heavily encrypted binaries.
  • The binary files are protected with commercial packers, such as VMProtect and Themida.
  • Subsequently, the main component, a .NET malware, is launched, and the harvested data is sent to a remote server.
  • It uses configuration scripts downloaded from public Pastebin pages.
  • BHUNT samples were found to be signed with a digital certificate issued to a software company. However, the certificate does not match the binaries.
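The mismatched certificate described above is something a defender can check for directly. The following PowerShell script is an added example, not code from the article or from Bitdefender; it assumes the samples carry Authenticode signatures (the article does not name the signing scheme) and that the installers to audit sit in a directory such as the user's Downloads folder.

```powershell
# Added example: audit Authenticode signatures on downloaded installers and flag
# files whose signature does not verify against the file's current bytes.
# Assumes Windows PowerShell 5.1 or later; the default path is an assumption.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string[]]$Extensions = @('*.exe', '*.dll')
)

$findings = Get-ChildItem -Path $Path -Include $Extensions -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Issuer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { '' }
            Expires = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
        }
    }

# HashMismatch: the file carries a signature, but the signed hash does not match the
# bytes on disk, i.e. the certificate does not match the binary it is attached to.
# NotTrusted: the signature is intact, but the signer does not chain to a trusted root.
$suspicious = $findings | Where-Object { $_.Status -in 'HashMismatch', 'NotTrusted' }

$findings | Sort-Object Status | Format-Table File, Status, Signer, Expires -AutoSize
if ($suspicious) {
    Write-Warning ("{0} file(s) carry a signature that does not verify" -f @($suspicious).Count)
    $suspicious | Format-Table File, Status, Signer, Issuer -AutoSize
}
```

A file reported as NotSigned is merely unsigned; HashMismatch on a binary that claims a legitimate vendor's certificate is the state worth treating as an indicator and submitting for analysis.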

Why this matters

The rise of BHUNT indicates that cryptojackers, infostealers, trojans, and clippers are driving the growth of crypto-related crime. For instance, CryptBot raked in almost half a million dollars worth of Bitcoin last year, according to a report by Chainalysis. In addition, the stolen information can have a massive impact on the privacy of victims, as the account tokens and passwords can be exploited to perform further fraud for financial gain.

The bottom line

While the cybersecurity industry has been dealing with malware for quite some time now, the use of such malware to steal cryptocurrency indicates that there is a need to up the defense game. BHUNT is emerging as a dangerous threat, and Bitdefender recommends not downloading software from unknown sources in order to stay safe.

Cyware Publisher