BunnyLoader Emerges as a Dangerous New Malware-as-a-Service: What You Must Know

Researchers uncover BunnyLoader, a potent malware-as-a-service, with the potential for extensive harm.

Upon conducting a detailed analysis, the researchers unveiled the full scope of BunnyLoader’s capabilities. This malicious service is capable of deploying stage-two malware, pilfering stored browser passwords, extracting system information, executing remote commands on compromised endpoints, capturing keystrokes via a built-in keylogger, and monitoring the clipboard for cryptocurrency wallet addresses.

One particularly insidious feature of BunnyLoader involves its monitoring of the clipboard. When a victim intends to send a cryptocurrency payment, they typically copy and paste the recipient’s wallet address due to the complexity of these addresses. Malware that monitors the clipboard can detect when the victim copies a wallet address and surreptitiously replace it with an address controlled by the attacker. Consequently, any initiated payment directs funds to the attacker’s account.
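
A defender-side sketch of the clipboard swap described above, added here as an illustration and not taken from the researchers' analysis: it scans a timeline of clipboard samples and flags an address-shaped value that is replaced by a different address of the same type within a short window. The simplified Bitcoin and Ethereum address patterns, the two-second window and all sample values are assumptions constructed for this example.

```python
import re

# Simplified address shapes (assumption: the page names no specific currency).
ADDRESS_PATTERNS = {
    "btc_base58": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the address type a clipboard value looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(samples, max_gap=2.0):
    """Flag address -> different address of the same type within max_gap seconds.

    samples: time-ordered (timestamp_seconds, clipboard_text) pairs, e.g. from
    polling the clipboard. max_gap is a heuristic: a person rarely copies two
    different wallet addresses within a couple of seconds.
    """
    alerts = []
    current = None  # (first_seen, value, kind) of the address now on the clipboard
    for ts, text in samples:
        kind = classify(text)
        if kind is None:
            current = None
            continue
        value = text.strip()
        if current and current[1] == value:
            continue  # unchanged; keep the time it first appeared
        if current and current[2] == kind and ts - current[0] <= max_gap:
            alerts.append({"at": ts, "type": kind,
                           "copied": current[1], "replaced_by": value})
        current = (ts, value, kind)
    return alerts

# Constructed sample timeline; the addresses are placeholders, not real wallets.
COPIED = "0x" + "a" * 40
SWAPPED = "0x" + "b" * 40
LATER = "0x" + "c" * 40
SAMPLES = [(0.0, "meeting notes"), (10.0, COPIED), (10.5, COPIED),
           (10.8, SWAPPED), (70.0, LATER)]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLES):
        print(alert)
```

Because the replacement is itself a well-formed address, format or checksum validation at the payment step will not catch it; the signal is the unexpected change between copy and paste.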