New BHUNT Malware Targets Crypto Wallets

January 27, 2022 3:17 pm Comments

Popular cybersecurity and antivirus company BitDefender has recently announced the detection of a new kind of malware that targets cryptocurrency wallets called BHUNT.

It is reported that BHUNT enters a user’s computer using infected software installs that consist of mostly cracked software.

So far, it is known that BHUNT can attack a variety of different cryptocurrency wallets which includes Bitcoin, Ethereum, Litecoin, Electrum, and more.

Once the software is installed on a computer, it is possible that it can transfer funds from the users wallet to another external wallet.

The BHUNT malware also exhibits behavior of other common malware which includes stealing the user’s private information from the PC.

BitDefender has described this particular malware as particularly troublesome due to the fact that it is encrypted and mimics digitally signed software which makes it difficult to detect. reports:

Bitdefender concluded that BHUNT was released in the wild with no clear target by the way it has spread. On how the software spread, Bitdefender’s report states:

All our telemetry originated from home users who are more likely to have cryptocurrency wallet software installed on their systems.

This target group is also more likely to install cracks for operating system software, which we suspect is the main infection source.

The company indicated the level of infections detected on a map, and the countries with the most infections presented were Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S.

Bitdefender also issued recommendations to avoid being infected with BHUNT or with other, similar password-stealing malware.

“The most effective way to defend against this threat is to avoid installing software from untrusted sources and to keep security solutions up to date,” the report concluded.

The emergence of the BHUNT malware is another sign that hackers and information stealers are turning their attention to the crypto world as the industry has seen explosive growth over the past couple of years.

In correlation, crypto scams have increased year over year targeting users who are not familiar with how crypto works and the potential risks.

For example, Cryptbot was a trojan that was able to rake in almost half a million dollars in pilfered Bitcoin in 2021 alone.

Going into more detail on how BHUNT actually works, it is executed when a user unknowingly installs a piece of software from an untrusted source. explains:

According to the experts, the malware spreads via cracked software installers and infected users in multiple countries, including Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the US.

“BHUNT stealer exfiltrates information about cryptocurrency wallets and passwords, hoping for financial gain.” concludes the report that also includes Indicators od Compromise (IoCs).

“Its code is straightforward and the delivery method is similar to that of existing successful malware, like Redline stealer.

Security experts recommend that to avoid the BHUNT malware and to minimize risk of theft as much as possible, never install any applications from untrusted sources and to always have an up to date security software turned on to detect such malware.

Join the conversation!

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.