Bitcoin Forum
Author Topic: Bunny Loader: Another Clipboard malware  (Read 247 times)
Ever-young
October 06, 2023, 11:23:26 PM
 #21

Since my thread on the clipboard virus, and the many other viruses which were discussed before the one I later brought to this forum, I have seen that these hackers or group of hackers are not just ending their scamming schemes; they are doing everything within them to upgrade their tools and make sure they are prepared for whichever tools people are using to protect themselves from being victims of their hack.

This one they have gotten to a stage where some of the viruses are not even being detected by most of our highly recommended antivirus software, which has proven that the hackers have upgraded beyond measure. With or without using any antivirus, we all just have to be careful with what we click on the system that we use for our crypto wallet, as that's their major target.

If it's even possible, one should just have one device aside for just the crypto wallet, and other ones which can be used to run any online activities and erra, because we can't really tell where most of these viruses are coming from; unless for the source which has already been discovered and identified, we don't know where else their malicious link could be found.

MusaMohamed
October 07, 2023, 03:51:31 AM
 #22

Installing the latest antivirus software is poor advice and may be provided by some technical articles, but antiviruses update their database periodically, which means that there may be viruses that are not present in the database, which gives high probability false positive reports.
If that antivirus software is not updated fast enough to deal with the newest viruses, it will have to rely on old data, and scanning with it potentially results in a false negative report. If we trust a false negative report from that software and think our devices are clean, we can lose our coins.

Quote
- Check the title completely, or at least the first and last 8 characters.
 - Make sure everything is correct before broadcasting the transaction.
The biggest fear and threat is losing coins directly by a device and wallet compromise.

Checking some first and last characters of a Bitcoin address is a good practice.
How to lose your Bitcoins with CTRL-C CTRL-V.

Years ago, online services didn't have these reminders for their users, but in recent years it has become a mandatory step when you submit a withdrawal request to an exchange. Spending a couple of seconds to check some characters is worth doing and helps us to avoid loss.

pixie85
October 07, 2023, 08:38:53 PM
 #23

It's very easy to spot it.
Make sure you make double checking everything into a habit.

A good builder always repeats this like a mantra: measure twice, cut once. You do the same with your transactions: double check, then press the button. So, after pasting the address I read it and compare it to the original. If I see a change, that's a red flag. I haven't had that keylogger yet, but if I ever spot it I'll stop right there, disconnect my network cable, run antivirus software, then change all the recently used wallet passwords in offline mode.
Pmalek
October 08, 2023, 08:06:26 AM
 #24

If you can afford it, get yourself a separate laptop for your less safe activities. Like downloading pirated movies and software. Especially for late-hour XXX adventures. Keep such stuff away from your main devices so even if something happens, you can easily recover. 

Using a hardware wallet does not exempt one from being a potential victim to clipboard malware, as some people believe. Though the screen of the device will show you the address you are going to send the TX to, and you can (and should) contrast that against your intended address, you need to check against the original intended address, not the address you copied and pasted on the wallet interface (clipboard malware can change the address between the address you copied, and the pasted address on the wallet’s interface – i.e. Trezor Suite or Ledger Live).
That's correct in theory but has anyone ever seen it in practice? Do we have a documented case where a user saw a different address in his Trezor Suite or Ledger Live compared to the information that was later displayed on the hardware wallet screen?

Could it be possible that this could occur by just opening a mail?
I seriously doubt it. Such malware is associated with attachments or links where you automatically download and install it in the background. Opening and reading phishing emails or social engineering scams won't infect you. But that doesn't mean you should do it because it increases the possibility that you could click on something in those emails.

DdmrDdmr
October 08, 2023, 09:09:26 AM
 #25

<…>
I was really aiming at a prior step in the chain in my comment, though, which would seem more like a potentially feasible situation one may encounter, and one that using a hardware wallet should not exempt the user from being cautious about.

Say someone wanted to pay in bitcoin for a given service/item on a certain ecommerce site. The site will show an address (A), and the user may copy/paste the address from the site to Trezor Suite/Ledger Live (B) wallet interface. Then he’ll use his hardware wallet (C) to generate the payment transaction.

In this scenario, a clipboard malware could change the address copied in step A in such a way that the pasted address value in step B is now different (i.e. the malicious actor’s address). The user may happily compare the (now malicious) address shown in step B with that of the hardware wallet’s address in step C, see they’re the same, and happily sign the payment TX. What I wanted to stress is that one really needs to compare the address on the screen (step C) with the original address back in step A (the seller’s provided address), and not (just) B.
Asuspawer09
October 08, 2023, 09:18:50 AM
 #26

Interesting, good thing that you posted this one here, making a lot of members here in the Forum aware of this one. It's a pretty interesting malware looking for information that is actually related to cryptocurrency; there are for sure some obvious things here like credit cards, download, history, password, autofill data. I mean you would really save something like that on a computer even though it is for sure your personal computer, because of something like this because now if the hacker is able to gain access to your computer they could easily access this information as well, where it could easily lead to getting hacked and losing your money.

I mean if you actually know what you are doing this hacker cannot really access your computer, since this malware needs to run first, and if you don't really download anything that is suspicious, for sure there is nothing to worry about. So just avoid downloading things that are not really trusted: for example, downloading a file from a really suspicious website, downloading a file that is sent by an unknown email to your email account, or downloading cracked games. These files might contain malware, viruses, etc. that could easily wipe your cryptocurrency. You could for sure buy a cheap laptop that you're only going to use for cryptocurrency to avoid this.

Learn Bitcoin
October 08, 2023, 11:24:41 AM
 #27

I am afraid of this malware. The problem is we don't know when these malware affect our machines until we notice the changes of address. Most of us do not double-check the address before we send the crypto to the destination. I wonder how this malware enters the system. Do these malware get downloaded with other programs? Let's say I did not download any program or file in the last couple of months, do I still have the possibility to get affected? Can those malware get into my machine just by visiting some random links? If this malware cannot get into a PC without downloading any program, then it's a relief. Otherwise, it's a big threat as we always click random links.

Pmalek
October 08, 2023, 12:03:05 PM
 #28

<Snip>
You should always compare the address on the hardware wallet screen to the address of the source. In your example, the source is the ecommerce site, not the Trezor Suite/Ledger Live software. If those addresses match, you are good to go. The one problem that could still arise is that the source displays a wrong address, but in that case, it's their mistake and you just sent money where they told you to. 

Most of us do not double-check the address before we send the crypto to the destination.
I know that I do, multiple times. If you belong to the group that doesn't do it, you better change for your own good. One slipup and your coins are gone.

Learn Bitcoin
October 08, 2023, 12:24:03 PM
 #29

Most of us do not double-check the address before we send the crypto to the destination.
I know that I do, multiple times. If you belong to the group that doesn't do it, you better change for your own good. One slipup and your coins are gone.

I know I have to be careful with it. These things are habits. If someone is concerned about their security, they always double-check these things before performing actions. Usually, I do not check does not mean I always do not check. I check sometimes, but I have to be careful with it.

Did you read the other part of my post? I want to know how can I escape this malware. How they get into the system. I will have to do some research if I do not get any reply here. Usually, I click on random website links provided by forum members, social media people, and friends.

Pmalek
October 09, 2023, 03:48:36 PM
 #30

Did you read the other part of my post? I want to know how can I escape this malware. How they get into the system. I will have to do some research if I do not get any reply here.
I saw it but I don't know how people get infected. I treat everything I am unsure of as a potential threat and it has helped me to protect my devices from malware of all kinds.

Usually, I click on random website links provided by forum members, social media people, and friends.
I can only advise you to stop. That's one way to get infected with something. Limiting your curiosity helps you be safe online. If the links and messages come from friends, it doesn't mean they are safe. Those friends might not wish you any harm, but they too might have been infected with something that is now spreading by itself. Try to apply as much common sense as you can to anything you do online and think twice before doing something.
