New BHUNT Malware Targets Cryptocurrency Wallets via Software Installs

shutterstock 1097913926

Bitdefender, a cybersecurity and antivirus company, has detected BHUNT, a new kind of malware that targets cryptocurrency wallets via software installs. The malware works on top of installs of unsecured or cracked software, that already comes packaged with the system to be deployed on desktop environments. Once installed, the software extracts passphrases and seeds from popular wallets.

BHUNT Malware Spotted in the Wild

Bitdefender, a leading cybersecurity firm, has issued a report regarding a new kind of password stealer that focuses on cryptocurrency wallets users have on their PCs. BHUNT, as this new malware is called, enters computers through infected software installs, mostly of cracked software. According to the technical document issued on the software, BHUNT attacks Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, and Litecoin wallets. Once installed, the software can transfer the funds of the users to another wallet, and also steal other private data residing in the infected computer.

Password stealers are not new to the PC sector, as computers can already be infected by various viruses that also have these capabilities. What is special about this software is that its presence is heavily encrypted and it is packaged as digitally signed software, but the issued certificate does not match with the binary of the program.

Infection and Prevention

Bitdefender concluded that BHUNT was released in the wild with no clear target by the way it has spread. On how the software spread, Bitdefender’s report states:

All our telemetry originated from home users who are more likely to have cryptocurrency wallet software installed on their systems. This target group is also more likely to install cracks for operating system software, which we suspect is the main infection source.

The company indicated the level of infections detected on a map, and the countries with the most infections presented were Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S.

Bitdefender also issued recommendations to avoid being infected with BHUNT or with other, similar password-stealing malware. “The most effective way to defend against this threat is to avoid installing software from untrusted sources and to keep security solutions up to date,” the report concluded.

Recently, a torrent that contained the new “Spiderman: No Way Home” movie was reported to also contain cryptocurrency malware.

Tags in this story

What do you think about the new BHUNT cryptocurrency-stealing malware? Tell us in the comments section below.

sergio@bitcoin.com'
Sergio Goschenko

Sergio is a cryptocurrency journalist based in Venezuela. He describes himself as late to the game, entering the cryptosphere when the price rise happened during December 2017. Having a computer engineering background, living in Venezuela, and being impacted by the cryptocurrency boom at a social level, he offers a different point of view about crypto success and how it helps the unbanked and underserved.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Read disclaimer