Emerging Threats

New malware-as-a-service BunnyLoader is being sold on the web

Ray Fernandez

Oct 13, 20233 min read

New malware-as-a-service BunnyLoader is being sold on the web: Header image

Malware-as-a-service (MaaS) continues to gain momentum. With MaaS, criminals code, update, promote, and sell malicious software on the dark web to anyone who wants to use it. The newly discovered BunnyLoader malware shows just how sophisticated this type of software can be. 

Zscaler ThreatLabz found that BunnyLoader, a new malware-as-a-service threat, was being promoted and sold on various forums. Malware-as-a-service allows any criminal to access state-of-the-art and easy-to-use malware, which they can use to run a wide range of cyberattacks. Some of these criminal enterprises even offer support for those using the malware. 

But what is different about BunnyLoader? First, it’s a new malware. Second, it can do all kinds of nasty tricks. 

What can BunnyLoader do?

To understand how serious BunnyLoader is, all we have to do is look into what it can do. The 1.0 version of BunnyLoader was released on September 4, 2023. In less than one month, it has been updated and enhanced 10 times. The latest version, BunnyLoader v2.0, can: 

  • Steal sensitive information and cryptocurrency
  • Execute malware deployment 
  • Remotely control infected devices 
  • Spy on and monitor victims 
  • Replace cryptocurrency wallet addresses with actor-controlled cryptocurrency wallet addresses
  • Steal browser data
  • Steal credit card information 
  • Evade detection
  • Use clipper crypto-malware to steal:
    – Bitcoin
    – Monero
    – Ethereum
    – Litecoin
    – Dogecoin
    – ZCash
    – Tether

Selling under a lifetime licensing plan for just $250, the malware has a user interface where bad actors can check their malware campaigns, monitor infected devices, remotely execute code, and do much more. 

Of even greater concern, Zscaler ThreatLabz says that BunnyLoader is rapidly evolving and developing, adding multiple features through constant updates and bug fixes.

BunnyLoader can also steal the following data from browsers:

  • AutoFill data
  • Credit cards
  • Downloads
  • History
  • Passwords

Plus, it can steal credentials from the following VPN providers and messaging apps:

  • ProtonVPN 
  • OpenVPN
  • Skype
  • Tox
  • Signal
  • Element

How BunnyLoader infects your device

BunnyLoader is a trojan. As such, it can infect devices using several techniques, the most common of which involve phishing and social engineering. Victims are tricked by convincing emails or messages that appear to come from legitimate sources, usually asking them to download a file containing the malware. Trojans are also known to hide in commonly used file extensions such as .pdfs or .docs.

Trojans can also breach a device by using drive-by downloads. These happen when a user visits a malicious website. This type of malware can also be installed without a user’s knowledge on a computer using infected USB devices and spread through networks, as well as hide in fake software or OS updates. 

How to stay safe from BunnyLoader

It’s important for Mac and iPhone users to pay special attention to any warnings that may appear while downloading apps or software, as once malware like BunnyLoader is installed, manually removing it can be very challenging.  

Screenshot of macOS warning user about a malicious app.
Source: Apple Support.

We recommend that all users get professional anti-malware software. Choose one that is updated and well-known in the industry if you don’t already have one on your computer. 

Note that research shows that BunnyLoader has excellent anti-detection capabilities. Therefore, the better the anti-malware solution, the greater your chance of removing it from your device. 

Once you have your anti-malware in place, run a full scan. Professional anti-malware is designed to detect numerous suspicious files and tasks linked to malware such as BunnyLoader. If your security software flags files, apps, or anything else on your device, click “Remove all threats” to get rid of BunnyLoader. 

Just as important as a good cybersecurity solution is how you behave online. The majority of trojans can only breach a computer, phone, or any other device through interaction with a victim. Therefore, keep an eye out for suspicious emails, SMS, social media requests, or strange-looking files, websites, or apps. 

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. macOS and Mac are trademarks of Apple Inc.

Ray Fernandez Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.