BlackBerry Prevents BHunt Scavenger

Hold onto your crypto wallets: BHunt Scavenger is among the latest threats targeting cryptocurrency holdings, while employing a variety of methods to avoid detection and slow analysis.

With its primary goal of harvesting victims' crypto wallets, BHunt also attempts to steal browser passwords. This is likely intended to help find login credentials stored for online crypto accounts, along with online banking or social media accounts that could be used for financial gains. In certain situations, BHunt can also deploy a cryptominer on the victim’s device or monitor their clipboard for security passphrases.

BHunt was initially discovered late last year by Bitdefender, who reported that the infection began with a dropper that was likely packaged with Key Management Service (KMS) cracking utilities. These utilities are popular tools designed to bypass Microsoft’s KMS, to illegally activate Microsoft® products such as Windows® 10.

BHunt’s strategy of dropping multiple files to disk is a devious way of spreading out the risk of detection across numerous components. Making use of legitimate tools such as Nirsoft’s WebBrowserPassView also makes it more difficult to detect these components of the malware on the victim’s system. Security products need to distinguish the context in which the legitimate binaries are being used, which is no easy feat for legacy antivirus software.

As cryptocurrencies continue to gain popularity, threat actors will continue to pursue this financial incentive with increasingly complex and stealthy crypto-stealers–keeping defenders on their toes.

To see how BlackBerry prevents BHunt Scavenger attacks from occurring, check out the following video, and watch BlackBerry go head-to-head with a live sample of BHunt.

DEMO VIDEO: BlackBerry vs. BHunt Scavenger

Learn more about BHunt in our deep dive blog Threat Thursday: BHunt Scavenger Harvests Victims’ Crypto Wallets.

Figure 1 – To showcase our predictive advantage, this demonstration employs a Cylance® AI model that has not been updated since 2015

Figure 2 – Both executables are stopped, pre-execution, and two .dll files at rest are also quarantined

Our Prevention-First Philosophy

At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain.

By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure.

Video Transcription

In this demo video, we're going to test the Temporal Predictive Advantage of BlackBerry® Protect against BHunt Scavenger and its Sweet Bonanza module.

To demonstrate this, we are using a Cylance® AI model from 2015, and the system has no Internet connection or OS updates.

Let’s copy the threat samples to our test system, then we'll try to execute both executables.

As you can see, both BHunt Scavenger threat samples are stopped, pre-execution, as well as the .dll files at rest, seven years before they existed.

Prevention is possible, with BlackBerry.

About Hector Diaz

Senior Technical Marketing Manager at BlackBerry

Hector Diaz is a Senior Technical Marketing Manager for Latin America and the Caribbean at BlackBerry. Hector works with Engineering and Product Management to translate technology concepts into digestible pieces, evangelizing and educating people about Artificial Intelligence (AI) applied to cybersecurity.

With over 15 years of experience in cybersecurity, Hector is a respected professional who is in-demand at trade shows, partner training and customer engagements across Latin America and the Caribbean Region.

Back