Dark Angels ransomware receives record-breaking $75 million ransom

A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz.

The largest known ransom payment was previously $40 million.

#DarkAngels #ThreatLabz #Chainalysis #ransomware #malware #security #cybersecurity #hackers #hacking

https://www.bleepingcomputer.com/news/security/dark-angels-ransomware-receives-record-breaking-75-million-ransom/

Zscaler ThreatLabz 2024 Ransomware Report shows attacks surged year-over-year, with the manufacturing sector being targeted most frequently. https://www.admin-magazine.com/News/Ransomware-Report-Shows-Increase-in-Attacks
#security #ransomware #manufacturing #healthcare #education #FinancialServices #ThreatLabz #vulnerability #zscaler
Ransomware Report Shows Increase in Attacks » ADMIN Magazine

The Zscaler ThreatLabz 2024 Ransomware Report details current trends, targets, and strategies related to ransomware attacks. “ThreatLabz found that...

Low-Drama ‘Dark Angels’ Reap Record Ransoms – Krebs on Security


"🐰 BunnyLoader Unleashed: The Newest Kid on the Malware Block 🐰"

In a recent discovery, Zscaler ThreatLabz stumbled upon a new Malware-as-a-Service (MaaS) threat named "BunnyLoader" being peddled on various forums. This nefarious service offers a plethora of malicious functionalities including downloading and executing a second-stage payload, pilfering browser credentials and system information, keylogging, and even cryptocurrency theft through clipboard manipulation. 🕵️‍♀️💻

The malware, written in C/C++, is sold for a lifetime price of $250 and is under rapid development with multiple feature updates and bug fixes. It employs various anti-sandbox techniques during its attack sequence to evade detection and has a fileless loader feature which executes further malware stages in memory. BunnyLoader's C2 panel allows the threat actor to control infected machines remotely, showcasing a list of various tasks including keylogging, credential theft, and remote command execution among others. 🛑🔐

The detailed technical analysis reveals how BunnyLoader maintains persistence, performs anti-VM techniques, registers with the C2 server, and executes its core malicious tasks. The malware also harbors a clipper module to replace cryptocurrency addresses in a victim's clipboard with addresses controlled by the threat actor, targeting multiple cryptocurrencies like Bitcoin, Ethereum, and Monero. 🪙💸

The article is a comprehensive dive into the technical intricacies of BunnyLoader, shedding light on its modus operandi and the potential threat it poses to individuals and organizations alike. 🧐🔍

Source: Zscaler ThreatLabz

Tags: #BunnyLoader #MalwareAsAService #CyberSecurity #ThreatAnalysis #Malware #CryptocurrencyTheft #Zscaler #ThreatLabz #InfoSec

Authors: Niraj Shivtarkar, Satyam Singh

BunnyLoader, the newest Malware-as-a-Service

BunnyLoader features rapid iterations, anti-sandbox tactics, second-stage payload executions, keylogging, stealing capabilities, and remote execution.