BHUNT Malware Goes After Cryptocurrency Users

dexphot cryptojacker malware

It is not a secret that cybercriminals have an affinity towards cryptocurrencies – many of which allow them to cover their online tracks. Often, they use ransomware attacks to siphon Bitcoin or Monero out of their victims, but there are even more dangerous threats for people who operate with cryptocurrencies on a daily basis. The BHUNT Malware is one of these threats. This information stealer focuses heavily on exfiltrating information related to cryptocurrency wallets, passwords, recovery phrases, and other sensitive data.

Infostealer attacks are exceptionally dangerous, because the victim rarely sees any red flags before they realize that their credentials have been compromised. And at this point, it is usually too late to do anything. The BHUNT Malware is likely to be spread with the help of fake downloads, fake copies of popular apps, pirated content, etc.

It would appear that instances of the BHUNT Malware inject their code into the explorer.exe process to make their detection even more challenging. So far, a large portion of BHUNT Malware's victims are located in India, but it would appear that the threat is not focused on a specific region – there are victims all over the world.

BHUNT Malware Features

Stealing wallet contents is, of course, not the only goal of this information stealer – it tries to harvest plenty of other data as well. The malware will allow its operators to:

  • Download and initialize additional payloads.
  • Hijack clipboard data.
  • Steal browser cookies, passwords, and other data.
  • Automatically remove leftover files and logs to minimize its footprint.

Avoiding the BHUNT Malware attack can be done by following two simple rules – do not interact with pirated/non-trustworthy content, and always use an up-to-date security software suite.

January 20, 2022