A new malware-as-a-service (MaaS) threat known as “BunnyLoader” is being advertised for sale on various underground forums, according to a new report from cloud security firm Zscaler ThreatLabz.
Written in C/C++, BunnyLoader is fileless, operating mostly in memory. The malware, which is under active development, comes with a slew of functionalities, such as the ability to download and execute a second-stage payload, steal browser credentials and system information, log keystrokes, and thwart analysis attempts. It can also monitor the victim’s clipboard and replace cryptocurrency wallet addresses with actor-controlled ones, and it supports remote command execution.
The BunnyLoader command-and-control panel showcases a list of various tasks, including downloading and executing additional malware, keylogging, stealing credentials, manipulating a victim’s clipboard to steal cryptocurrency, and running remote commands on the infected machine.
Since its initial release on September 4, 2023, BunnyLoader has gone through several feature updates, introducing new functionalities. Currently, the tool is being sold for $250, while the ‘private stub’ version, which implements more advanced features, is being offered for $350.