Researchers have discovered a new malware in the wild targeting cryptocurrency wallets. Identified as BHUNT, this malware executes a bit differently from most other crypto stealers.
BHUNT Cryptocurrency Stealing Malware
According to the latest report from Bitdefender, the newly discovered BHUNT malware is active in the wild, targeting cryptocurrency users. While it isn’t unique in its intended target, it executes differently from most other cryptostealers.
The researchers identified the malware as “BHUNT” given its assembly’s name. It appears a potent cryptocurrency stealing malware written in .NET that exfiltrates crypto wallets to steal data. Some of its targeted wallets include Atomic, Bitcoin, Electrum, Ethereum, Exodus, Jaxx, and Litecoin wallets. They found this new malware while monitoring crypto wallets. As stated in their post,
We spotted a dropper with a hidden file that ran from the \Windows\System32\ folder. The dropper always wrote the same file, mscrlib.exet to the disk.
BHUNT malware exhibits heavily encrypted binary files bearing some unmatched digitally signed certificates.
As for the malware components, BHUNT includes wallet.dat and seed.seco files for stealing cryptocurrency, clipboard data, and passphrases for account recovery. It also downloads and uses encrypted configuration scripts from public Pastebin pages.
In addition, this malware also targets web browsers to steal cookies, stored passwords, and other sensitive data.
Users Should Stay Vigilant
Cryptocurrency has become a lucrative niche for cybercriminals to make money. From cryptocurrency exchanges to users’ wallets, the hackers never miss a chance to steal money.
BHUNT is one such addition to the realm of cryptostealers. Preventing it, like any other cryptostealing malware, requires some basic security practices.
In this regard, the researchers advise users not to download and install any apps from untrusted sources. Also, the users should never disable antimalware and other security solutions to prevent such malicious software from reaching their devices.
Besides, users should also avoid saving their passwords and sensitive crypto data in browsers or other accessible places. Using robust password managers and maintaining offline data storage can help prevent such threats.