Zscaler ThreatLabz, a group of cybersecurity experts, has recently discovered a new threat known as BunnyLoader. This malware-as-a-service (MaaS) loader is actively being developed and poses a challenge for experts due to its fileless execution.
BunnyLoader is a fileless loader malware that is being sold on multiple hacking forums for $250. It offers a range of functionalities, including keylogging, clipboard monitoring for cryptocurrency theft, and remote command execution capabilities. Since its release in September 2023, BunnyLoader has undergone several iterations, with updates addressing bugs and introducing new features. The malware’s core functions are controlled through a command-and-control (C2) panel, which oversees tasks such as downloading additional malware, keylogging, credential theft, and remote command execution. To ensure persistence, BunnyLoader makes changes to the Windows Registry and performs sandbox and virtual machine checks before activating its malicious behavior. It also possesses anti-analysis techniques and interacts with C2 servers to evade detection. One notable feature is a clipper module that replaces cryptocurrency addresses in the victim’s clipboard. BunnyLoader targets cryptocurrency wallets and messaging applications, and can have severe implications, including privacy breaches, financial losses, compromised security, and legal ramifications. Users of BunnyLoader have access to statistics and can manage active tasks. Zscaler’s security researchers are committed to monitoring these attacks and protecting customers from BunnyLoader’s evolving tactics and new features. They have published a detailed report on BunnyLoader to provide further information and guidance.
BunnyLoader is a continuously evolving C/C++-based loader that integrates anti-sandbox and antivirus evasion techniques. Its fileless loading capability makes it difficult for antivirus solutions to detect and remove. Managed through a command-and-control (C2) panel, BunnyLoader allows buyers to monitor active tasks, infection statistics, and control compromised machines. Its advanced capabilities and ability to evade detection pose a significant risk, emphasizing the need for organizations to adopt robust cybersecurity measures. Zscaler’s ThreatLabz team will continue to monitor BunnyLoader to protect their customers.