Bunny Loader: Another Clipboard malware - page 2.

btc_angela

hero member

Activity: 2660

Merit: 551

Quote from: 348Judah on October 04, 2023, 05:04:59 AM

This is very important to take note that such attack had been existing before now, this should be a reminder as well that they ain't stopping in this kind of operational mode to attack others and steal their bitcoin, i remember one of the main threads that also introduced how one can loose his bitcoin through ctrl c and ctrl p https://bitcointalksearch.org/topic/how-to-lose-your-bitcoins-with-ctrl-c-ctrl-v-5190776 if we are aware of this kind of malicious attack, we will always stay safe and be unaffected following both recommendations that prevents one from such attack.

Yes, this kind of attacks won't top, and on the contrary, they will continue to developed more clipboard malware that is more advanced that the previous one. So very difficult to caught this if our machines are infected already. And I remember that when this kind of malwares are first spotted, there are several members here who reported and fall victims.

And so we already know this kind of attacks and hopefully this is a reminder that this malware is still in existence and so we shouldn't forgot to check everything before sealing our transactions because once is done, we can't revert it back.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: hugeblack on October 04, 2023, 05:20:51 AM

Installing the latest antivirus software is a poor advice and may be provided by some technical articles, but antiviruses update their database periodically, which means that there may be viruses that are not present in the database, which gives high probability false positive reports.

I would not say that this is bad advice, especially if it is a premium AV that updates its database of antivirus definitions several times a day and has good heuristic analysis that can detect viruses/malware even if it is not in the definition database. However, as far as I remember from some previous discussions, clipboard malwares usually cannot be detected using AV, although I don't know if anything has changed in that regard.

Quote from: hugeblack on October 04, 2023, 05:20:51 AM

Using hardware wallets or open source wallets will not change anything here, but rather:

- Do not install applications that you do not trust.
- Check the title completely, or at least the first and last 8 characters.
- Make sure everything is correct before broadcasting the transaction.

Today it is hard to believe that an app is reliable (trusted) unless it is an app that has millions of downloads and it is possible to verify it before installing it. Even if it is in one of the legitimate app stores, it does not mean that we should consider it 100% safe - and what can we say about those cracked apps that are downloaded via torrents or various suspicious websites.

In much simpler terms, if you know how to behave online, have a solid AV/firewall and don't use cracked software, the chances of picking up something like clipboard malware are very low or none.

hugeblack

legendary

Activity: 2702

Merit: 4002

Installing the latest antivirus software is a poor advice and may be provided by some technical articles, but antiviruses update their database periodically, which means that there may be viruses that are not present in the database, which gives high probability false positive reports.

Using hardware wallets or open source wallets will not change anything here, but rather:

- Do not install applications that you do not trust.
- Check the title completely, or at least the first and last 8 characters.
- Make sure everything is correct before broadcasting the transaction.

348Judah

hero member

Activity: 714

Merit: 521

This is very important to take note that such attack had been existing before now, this should be a reminder as well that they ain't stopping in this kind of operational mode to attack others and steal their bitcoin, i remember one of the main threads that also introduced how one can loose his bitcoin through ctrl c and ctrl p https://bitcointalksearch.org/topic/how-to-lose-your-bitcoins-with-ctrl-c-ctrl-v-5190776 if we are aware of this kind of malicious attack, we will always stay safe and be unaffected following both recommendations that prevents one from such attack.

Yaunfitda

hero member

Activity: 2870

Merit: 594

Quote from: Faisal2202 on October 04, 2023, 03:04:59 AM

Thanks for bringing this useful information in front of us, I mean hackers are now breaking their limits with such upgradation, but to be honest I am really disappointed to see that they are only selling it for $250 dollars. That's too low. And those who will become victims, who know how much loss they are going to make. Tongue

I think the group wanted to impressed in the beginning, that's why they are selling it for a cheap price. But as reported, there are upgrades already and it will be upgraded again and again.

Quote from: Faisal2202 on October 04, 2023, 03:04:59 AM

Overall, the working mechanism of this tool is straightforward, and if they are attacking the above wallets then I am safe Because using none of them (Well this also can be used to filter my address by hackers if they are here on BTT using this tool Grin

)

What pre-cautions should we take besides just not clicking on doubtful emails?

The moral lesson here is that everyone is vulnerable, no one should think that everyone is safe because you really don't know the extent this cyber criminals can do specially with this kind of weapons. They can even control everything from their command and center (C&C) and monitor what they are doing in your own device. This posts by @LoyceV is very helpful as well with regards to Clipboard malware, How to lose your Bitcoins with CTRL-C CTRL-V.

Findingnemo

hero member

Activity: 2366

Merit: 793

Bitcoin = Financial freedom

Quote from: DdmrDdmr on October 04, 2023, 02:42:03 AM

The article doesn't seem to indicate how the malware is spreading, but the threat library provides entries that reference the initial access being made (or perhaps, likely made) through either a spearphishing attachment or a spearphishing link, some of the most common forms for spreading malware.

Bunny loader is basically a trojan that is highly rated for its potential to cause damage to victims based on its nature which is capable of extracting almost everything from your device from keystrokes, browser history, auto-fill details, cookies, and also with the ability to replace the data like wallet addresses.

As you said it mostly affects the system via emails pretending to be one of the services they are already using or random downloads from unknown websites. But it seems highly undetectable as per many cyber security experts and can stay unnoticed forever so the best possible solution is to stay away from downloading it in the first place.

Here is an article that explains how can we manually remove the Bunny loader - MaaS

How to remove BunnyLoader from the operating system

Faisal2202

hero member

Activity: 1414

Merit: 513

Payment Gateway Allows Recurring Payments

Thanks for bringing this useful information in front of us, I mean hackers are now breaking their limits with such upgradation, but to be honest I am really disappointed to see that they are only selling it for $250 dollars. That's too low. And those who will become victims, who know how much loss they are going to make. Tongue

Overall, the working mechanism of this tool is straightforward, and if they are attacking the above wallets then I am safe Because using none of them (Well this also can be used to filter my address by hackers if they are here on BTT using this tool Grin

)

What pre-cautions should we take besides just not clicking on doubtful emails?

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

The article doesn't seem to indicate how the malware is spreading, but the threat library provides entries that reference the initial access being made (or perhaps, likely made) through either a spearphishing attachment or a spearphishing link, some of the most common forms for spreading malware.

Side note:
Using a hardware wallet does not exempt one from being a potential victim to clipboard malware, as some people believe. Though the screen of the device will show you the address you are going to send the TX to, and you can (and should) contrast that against your intended address, you need to check against the original intended address, not the address you copied and pasted on the wallet interface (clipboard malware can change the address between the address you copied, and the pasted address on the wallet’s interface – i.e. Trezor Suite or Ledger Live).

Churchillvv

member

Activity: 66

Merit: 5

Eloncoin.org - Mars, here we come!

Security consciousness is the first thing everyone of us here should hold firmly, because the more we tryna make things better for us that's the same way hackers are working hard to reduce our efforts. My most serious concern is the fact that the author Poker BL confirm it, to be a fileless loading feature that "makes it difficult for the antiviruses to remove the attackers malware. Which means it might have been in action in ours machines without our notice, so what then can we even do to stop it?. It's really depressing to find this kind of information that your investments or credentials are at risk using your browsers, and most times we can't even avoid using this browser because they are still very important at same time.
Well, thank you for this information because it has created an awareness in us.

Kemarit

legendary

Activity: 3080

Merit: 1353

A newly evolved Clipper and a keylogger called “BunnyLoader”. And we all know that there are a lot of variants of keylogger and clipboard malware that replaces crypto currency wallet with that to a wallet address that this criminal controls. This malware has undergone some transformation already, and it's very clever to see that it will test if your system runs on sandbox and usernames. So the Clipper looks for cryptos:

Also looks for this information to steal:

So it's very important for us crypto enthusiast to learn how to protect from this kind of malware. We need to install the latest anti-virus, and not just to download any crack softwares as this is where this criminals exploited their victims. When we thought that we can get free softwares, but we don't know that the criminals have laded it with a lot of malwares and we will only know until it's too late. And for the Clipper capability of this malware, we should check the details of the addresses that we are going to send to, make sure everything is correct so that we will not be a victim here. And obviously, do not click any links like in our email, maybe it doesn't look suspicious at all, but if we don't know the source or even know the source, we should be very very careful.

https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Topic: Bunny Loader: Another Clipboard malware - page 2. (Read 273 times)