
‘Panda Stealer’ Malware Sets Its Crosshairs On Cryptocurrency Wallets

The Coin Republic | Andrew Smith | May 11, 2021

The cryptocurrency community has been made aware of a new piece of malware that has set its crosshairs on crypto wallets. It seems that digital currency holders have another thing to be wary of.

Panda Stealer

Trend Micro recently published a blog post revealing the above-mentioned threat. According to the post, the company detected this new “information stealer,” dubbed “Panda Stealer,” as early as April.

The post further explains that the malware is delivered through spam email. If Trend Micro’s telemetry is anything to go by, countries like Germany, Australia, Japan, and the United States were heavily affected during what is described as a “spam wave.”

Panda Stealer is also reported to be a modified iteration of the Collector Stealer malware. It uses a fileless approach to distribution in order to avoid detection.

How it infects

The malware is deployed via spam emails that pose as business quote requests to lure cryptocurrency holders into opening malicious Excel files. Trend Micro has highlighted a couple of “infection chains”:

  • An .XLSM attachment containing macros that download a loader. The loader then downloads and executes the main stealer.
  • An attached .XLS file containing an Excel formula that uses a PowerShell command to access a Pastebin alternative, paste.ee. This in turn accesses a second, encrypted PowerShell command.
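
As an added example (not from Trend Micro or the original article), the following Python detection logic looks for the second chain in process-creation telemetry: a PowerShell process with Excel anywhere in its ancestry, escalated when the command line references paste.ee. The event field names and every sample event are constructed assumptions.

```python
import ntpath

OFFICE = {"excel.exe"}                    # attachment host application named in the article
SHELLS = {"powershell.exe", "pwsh.exe"}   # interpreter named in the article (pwsh added)
PASTE_HOSTS = ("paste.ee",)               # paste site named in the article
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events (assumed field names); not real telemetry.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": r'EXCEL.EXE "C:\Users\a\Downloads\quote_request.xls"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c <constructed>"},
    {"pid": 220, "ppid": 210, "image": PS, "cmdline": "powershell.exe <constructed> hxxps://Paste.ee/r/PLACEHOLDER"},
    {"pid": 230, "ppid": 200, "image": PS.upper(), "cmdline": "powershell.exe <constructed>"},
    {"pid": 300, "ppid": 100, "image": PS, "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

def basename(image):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(image).lower()

def office_ancestor(event, by_pid):
    """Return the pid of the nearest Office ancestor, or None."""
    seen, ppid = set(), event["ppid"]
    while ppid in by_pid and ppid not in seen:   # seen-set stops loops caused by pid reuse
        seen.add(ppid)
        parent = by_pid[ppid]
        if basename(parent["image"]) in OFFICE:
            return parent["pid"]
        ppid = parent["ppid"]
    return None

def detect(events):
    """Flag shells that descend from Office or reference a paste host."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if basename(e["image"]) not in SHELLS:
            continue
        origin = office_ancestor(e, by_pid)
        paste = any(h in e["cmdline"].lower() for h in PASTE_HOSTS)
        if origin is None and not paste:
            continue                             # ordinary admin PowerShell use
        severity = "high" if origin is not None and paste else "medium"
        findings.append({"pid": e["pid"], "office_pid": origin, "paste_ref": paste, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

On real telemetry, key the ancestry walk on a per-process unique identifier rather than the pid, since pids are reused.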

It’s also hungry for your other online details

According to PC Gamer, Panda Stealer utilizes a fileless approach to remain unnoticed, and the malware “also has a taste” for details of the victim’s Discord, Steam, NordVPN, and even Telegram accounts. What makes it even more worrisome is that it can take screenshots, raid a device’s cookie jar, and pilfer passwords and card details.

