New BHUNT malware targets your crypto wallets and passwords


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases.

This is yet another crypto-stealer added to a large pile of malware that targets digital currency, but it is worth special attention due to its stealthiness.

The discovery and analysis of the new BHUNT malware come from Bitdefender, who shared their findings with Bleeping Computer before publishing.

To evade detection and triggering security warnings, BHUNT is packed and heavily encrypted using Themida and VMProtect, two virtual machine packers that hinder reverse-engineering and analysis by researchers.

The threat actors signed the malware executable with a digital signature stolen from Piriform, the makers of CCleaner. However, as the malware developers copied it from an unrelated executable, it's marked as invalid due to a binary mismatch.