Bitdefender, a cybersecurity and antivirus company, has detected BHUNT, a new kind of malware that targets cryptocurrency wallets via software installs. The malware works on top of installs of unsecured or cracked software, that already comes packaged with the system to be deployed on desktop environments. Once installed, the software extracts passphrases and seeds from popular wallets.
BHUNT Malware Spotted in the Wild
Bitdefender, a leading cybersecurity firm, has issued a report regarding a new kind of password stealer that focuses on cryptocurrency wallets users have on their PCs. BHUNT, as this new malware is called, enters computers through infected software installs, mostly of cracked software. According to the technical document issued on the software, BHUNT attacks Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, and Litecoin wallets. Once installed, the software can transfer the funds of the users to another wallet, and also steal other private data residing in the infected computer.
Password stealers are not new to the PC sector, as computers can already be infected by various viruses that also have these capabilities. What is special about this software is that its presence is heavily encrypted and it is packaged as digitally signed software, but the issued certificate does not match with the binary of the program.
Infection and Prevention
Bitdefender concluded that BHUNT was released in the wild with no clear target by the way it has spread. On how the software spread, Bitdefender’s report states:
All our telemetry originated from home users who are more likely to have cryptocurrency wallet software installed on their systems. This target group is also more likely to install cracks for operating system software, which we suspect is the main infection source.
The company indicated the level of infections detected on a map, and the countries with the most infections presented were Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S.
Bitdefender also issued recommendations to avoid being infected with BHUNT or with other, similar password-stealing malware. “The most effective way to defend against this threat is to avoid installing software from untrusted sources and to keep security solutions up to date,” the report concluded.
Recently, a torrent that contained the new “Spiderman: No Way Home” movie was reported to also contain cryptocurrency malware.