Indian Crypto Wallets Targeted by Newly Discovered ‘BHUNT’ Malware


Threat actors are now stealing cryptocurrency wallet contents and passwords by targeting the wallets themselves. Researchers from the cyber security firm Bitdefender discovered crypto wallet hijacking malware dubbed 'BHUNT', which reaches victims' devices through installations of malicious software and attacks Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, and Litecoin wallets.

To evade detection and avoid triggering security warnings, the malware employs Themida and VMProtect, two virtualization-based packers that hinder reverse-engineering and analysis by researchers.
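A packer such as Themida or VMProtect does not make a sample invisible; it shifts the analyst's first question to "is this binary packed?". The script below is an added triage example written for this article, not code from Bitdefender or from the BHUNT report. It parses the PE section table with only the standard library and flags two common signs of packing: section names that the two packers named above are known to leave behind (the `.vmp0`, `.vmp1` and `.themida` names are an assumption drawn from general analyst experience, not from the article) and sections whose byte entropy is far above what compiled code normally shows. The sample PE it examines is constructed inline, so the script runs offline.

```python
import math
import random
import struct

# Section names commonly left by the packers the article mentions.
# Assumption from general analyst experience, not a fact stated in the article.
PACKER_SECTION_HINTS = {".vmp0": "VMProtect", ".vmp1": "VMProtect", ".themida": "Themida"}

# Bits per byte. Compiled code usually sits around 5.5-6.5; compressed or
# encrypted section bodies approach 8.0. The threshold is a triage heuristic.
HIGH_ENTROPY = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Minimal PE section-table parser: returns a list of (name, raw_bytes)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def triage(pe: bytes) -> dict:
    """Flag known packer section names and high-entropy sections."""
    findings = {"packer_hints": [], "high_entropy_sections": []}
    for name, data in parse_sections(pe):
        if name in PACKER_SECTION_HINTS:
            findings["packer_hints"].append((name, PACKER_SECTION_HINTS[name]))
        if shannon_entropy(data) >= HIGH_ENTROPY:
            findings["high_entropy_sections"].append(name)
    findings["likely_packed"] = bool(
        findings["packer_hints"] or findings["high_entropy_sections"]
    )
    return findings


def build_sample_pe(sections) -> bytes:
    """Construct a minimal, non-runnable PE image for testing (constructed data)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0  # no optional header; the parser only needs its size field
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0)
    table_off = e_lfanew + 4 + 20 + opt_size
    data_off = table_off + 40 * len(sections)
    table, blobs = b"", b""
    for name, data in sections:
        raw_ptr = data_off + len(blobs)
        table += name.ljust(8, "\0").encode() + struct.pack(
            "<IIIIIIHHI", len(data), 0, len(data), raw_ptr, 0, 0, 0, 0, 0
        )
        blobs += data
    return dos + b"PE\0\0" + coff + table + blobs


def demo() -> dict:
    """Triage a constructed sample with one plain section and one packed-looking section."""
    noise = random.Random(1).randbytes(4096)  # stands in for an encrypted section body
    sample = build_sample_pe([(".text", b"\x90" * 4096), (".vmp0", noise)])
    return triage(sample)


if __name__ == "__main__":
    print(demo())
```

Both signals are heuristics: a packer can rename its sections, and legitimately compressed resources also score high, so a hit means "look closer", not "malicious". The value for a defender is that a sample which trips both checks is worth detonating in a sandbox rather than spending time on static disassembly that the packer is designed to defeat.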

"BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard," Bitdefender researchers explained in a technical report.

The modus operandi of using cracked software installers as the infection source for initial access mirrors similar cybercrime campaigns that have leveraged tools such as KMSPico, a popular utility for illegally activating Microsoft products. "Most infected users also had some form of crack for Windows (KMS) on their systems," the researchers noted.

The researchers plotted the observed infections on a map; the countries with the most infections were Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S.

The main component of BHUNT is 'mscrlib.exe', which retrieves further modules that are then executed on the compromised system to perform different malicious activities. Each module is designed for a specific purpose, ranging from stealing cryptocurrency wallets to stealing passwords. Using a modular approach, the threat actors can customize BHUNT for different campaigns or easily add new features.

Once the attackers gain access to the wallet's seed or configuration file, they can use it to import the wallet on their own devices and steal the contained cryptocurrency. Although BHUNT's focus is clearly financial, its information-stealing capabilities could enable its operators to gather much more than just crypto-wallet data.

"While the malware primarily focuses on stealing information related to cryptocurrency wallets, it can also harvest passwords and cookies stored in browser caches. This might include account passwords for social media, banking, etc. that might even result in an online identity takeover," researchers added.

Bitdefender also published recommendations to avoid being infected with BHUNT or with other, similar password-stealing malware. To mitigate risks, users should simply avoid downloading pirated software, cracks, and illegitimate product activators.