#threatlabz — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #threatlabz, aggregated by home.social.
-
In-Memory Loader Drops ScreenConnect
Security researcher ThreatLabz discovered an attack chain where attackers used a fake Acrobat Reader download to lure victims into installing ScreenConnect, a remote access tool that can be leveraged for malicious purposes.
Pulse ID: 69e24c2c6ab3af02c2d7bfbc
Pulse Link: https://otx.alienvault.com/pulse/69e24c2c6ab3af02c2d7bfbc
Pulse Author: CyberHunter_NL
Created: 2026-04-17 15:05:16
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #ScreenConnect #ThreatLabz #bot #CyberHunter_NL
-
Low-Drama ‘Dark Angels’ Reap Record Ransoms
https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/
#AmerisourceBergenCorporation #BleepingComputer #BrettStone-Gross #ALittleSunshine #DataBreaches #DunghillLeak #Ransomware #DarkAngels #ransomware #ThreatLabz #Cencora #Zscaler #sophos #Sabre #Sysco
-
Low-Drama ‘Dark Angels’ Reap Record Ransoms https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/ #AmerisourceBergenCorporation #BleepingComputer #ALittleSunshine #BrettStoneGross #DataBreaches #DunghillLeak #Ransomware #DarkAngels #ransomware #ThreatLabz #Cencora #Zscaler #sophos #Sabre #Sysco
-
"🐰 BunnyLoader Unleashed: The Newest Kid on the Malware Block 🐰"
In a recent discovery, Zscaler ThreatLabz stumbled upon a new Malware-as-a-Service (MaaS) threat named "BunnyLoader" being peddled on various forums. This nefarious service offers a plethora of malicious functionalities including downloading and executing a second-stage payload, pilfering browser credentials and system information, keylogging, and even cryptocurrency theft through clipboard manipulation. 🕵️‍♀️💻
The malware, written in C/C++, is sold for a lifetime price of $250 and is under rapid development with multiple feature updates and bug fixes. It employs various anti-sandbox techniques during its attack sequence to evade detection and has a fileless loader feature which executes further malware stages in memory. BunnyLoader's C2 panel allows the threat actor to control infected machines remotely, showcasing a list of various tasks including keylogging, credential theft, and remote command execution among others. 🛑🔐
The detailed technical analysis reveals how BunnyLoader maintains persistence, performs anti-VM techniques, registers with the C2 server, and executes its core malicious tasks. The malware also harbors a clipper module to replace cryptocurrency addresses in a victim's clipboard with addresses controlled by the threat actor, targeting multiple cryptocurrencies like Bitcoin, Ethereum, and Monero. 🪙💸
The article is a comprehensive dive into the technical intricacies of BunnyLoader, shedding light on its modus operandi and the potential threat it poses to individuals and organizations alike. 🧐🔍
Source: Zscaler ThreatLabz
Tags: #BunnyLoader #MalwareAsAService #CyberSecurity #ThreatAnalysis #Malware #CryptocurrencyTheft #Zscaler #ThreatLabz #InfoSec
Authors: Niraj Shivtarkar, Satyam Singh