Bitdefender reported a new type of crypto-wallet stealing malware dubbed BHUNT. It targeted various cryptocurrency wallets and their associated security phrases and passwords.
This new type of malware is very stealthy and can easily hijack digital currency wallets. It was discovered by security company Bitdefender, which recently shared its findings with Bleeping Computer.
Unlike other crypto-wallet attacks, BHUNT is built to evade detection and avoid triggering security warnings. To this end, the malware is heavily encrypted using Themida and VMProtect.
The attackers signed the malware using a stolen digital signature taken from Piriform, the developer of CCleaner.
According to Bitdefender, the malware was injected into explorer.exe and was probably delivered to a compromised system through the use of a utility known as KMSpico. This tool is part of KMS (Key Management Services), Microsoft’s license activation system.
The malware has been detected in various countries, with its biggest concentration being in India.
Once the attacker has gained access to the wallet’s seed or configuration file, they can then steal the cryptocurrency stored there by importing the wallet to their own devices.
Although it mainly focuses on financial transactions, the malware can also collect other sensitive information such as passwords and account details.
“While the malware primarily focuses on stealing information related to cryptocurrency wallets, it can also harvest passwords and cookies stored in browser caches,” explains Bitdefender’s report. “This might include account passwords for social media, banking, etc. that might even result in an online identity takeover.”
To avoid infection, do not download or install unauthorized software, and do not use cracks or fake product activators.