Crypto Wallets and Passwords Targeted by BHUNT Malware

Researchers have recently discovered a new malware they named BHUNT. This targets passwords, security phrases, and cryptocurrency wallet contents.

BHUNT Crypto Stealer: More Details

The Bitdefender researchers were the ones who identified this new malware dubbed BHUNT and analyzed it in a report recently published.

We named the stealer BHUNT after the main assembly’s name. BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard.


How does BHUNT evade detection? This malware is encrypted by means of two virtual machine packers: Themida and VMProtect, a thing that makes it hard to detect.

The malware executable is also signed using a stolen Piriform digital signature by threat actors. However, the Digitial Signature Information window shows that this is invalid because of a binary mismatch.

Image Source

According to the researchers, BHUNT malware is injected into the executable explorer.exe, managing to reach the targeted system by means of KMSpico downloads. KMSpico stands for a well-known utility that allows the illegal activation of Microsoft products.

Which Countries Are Impacted by BHUNT Malware?

The experts highlighted in their report that

Read More: