A new malicious Panda Banker campaign is targeting victims in the US, Canada, and Japan. Cylance: the cybercrime operation aims to steal credit card data, bank account information and online wallets. The trojan is spread via Emotet
A new malicious campaign is targeting victims in the US, Canada, and Japan with the Panda Banker trojan. It has been discovered by Cylance cyber security researchers. The attacks aim to steal credit card data, bank account information and online wallets. Furthermore, the trojan is delivered through the distribution platform of the Emotet banking malware, presumably to hide its own activity. The malware is a variant of Zeus that first emerged in 2016 and continues to be a persistent threat. On execution it first checks the environment of the targeted system to determine whether any antivirus or sandboxing software is present. If such tools are detected, it aborts and deletes its payload. If the “ground” is clear, Panda Banker writes a copy of itself to disk and launches that copy before the original process exits. The trojan then waits for the infected system to visit a targeted website, such as that of a bank or a credit card company.
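The “copy itself, launch the copy, exit” step described above is a common dropper pattern that can be caught from endpoint telemetry without any sample of the malware. The script below is an added example written for this page, not code from Cylance or from the report; it correlates constructed process-creation, file-creation and process-termination events (loosely modelled on Sysmon event IDs 1, 11 and 5) and flags a process that writes a file, spawns a child from that file with the same executable hash, and terminates shortly afterwards. All paths, PIDs, hashes and field names in it are assumptions for illustration, not indicators from the campaign.

```python
"""Detect the 'drop a copy of itself, launch it, exit' dropper pattern.

Added example, not the page's or Cylance's code. Events are constructed and
loosely modelled on Sysmon event IDs 1 (ProcessCreate), 11 (FileCreate) and
5 (ProcessTerminate). Field names, paths, PIDs and hashes are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: float           # seconds (constructed timestamps)
    event_id: int       # 1 = ProcessCreate, 11 = FileCreate, 5 = ProcessTerminate
    pid: int            # process the event belongs to
    ppid: int = 0       # parent pid (ProcessCreate only)
    image: str = ""     # executable path (ProcessCreate only)
    target: str = ""    # file written (FileCreate only)
    sha256: str = ""    # hash of the executable (ProcessCreate only)


def find_self_copy_relaunch(events, exit_window=5.0):
    """Return (parent_pid, parent_image, child_pid, child_image) tuples for
    every parent that wrote a file, spawned a child from that file with an
    identical executable hash, and exited within exit_window seconds of the
    child starting. PID reuse is ignored for simplicity (assumption)."""
    procs = {}                    # pid -> ProcessCreate event
    written = defaultdict(set)    # pid -> lower-cased paths it created
    terminated = {}               # pid -> termination timestamp

    for e in sorted(events, key=lambda ev: ev.ts):
        if e.event_id == 1:
            procs[e.pid] = e
        elif e.event_id == 11:
            written[e.pid].add(e.target.lower())
        elif e.event_id == 5:
            terminated[e.pid] = e.ts

    hits = []
    for child in procs.values():
        parent = procs.get(child.ppid)
        if parent is None:
            continue
        # The child must run from a file the parent itself dropped ...
        if child.image.lower() not in written[parent.pid]:
            continue
        # ... and that file must be a byte-identical copy of the parent.
        if not child.sha256 or child.sha256 != parent.sha256:
            continue
        # ... and the parent must have exited soon after handing over.
        end = terminated.get(parent.pid)
        if end is None or end - child.ts > exit_window:
            continue
        hits.append((parent.pid, parent.image, child.pid, child.image))
    return hits


# Constructed sample telemetry: one dropper chain plus benign noise.
SAMPLE_EVENTS = [
    # Malicious chain: downloaded binary drops a copy of itself under
    # AppData, launches the copy, then the original exits.
    Event(ts=100.0, event_id=1, pid=4242, ppid=1000,
          image=r"C:\Users\victim\Downloads\invoice.exe", sha256="a1" * 32),
    Event(ts=100.5, event_id=11, pid=4242,
          target=r"C:\Users\victim\AppData\Roaming\Fonts\sysfont.exe"),
    Event(ts=100.7, event_id=1, pid=4300, ppid=4242,
          image=r"C:\Users\victim\AppData\Roaming\Fonts\sysfont.exe",
          sha256="a1" * 32),
    Event(ts=101.0, event_id=5, pid=4242),
    # Benign noise: an installer writes a different binary, launches it
    # and exits; hashes differ, so it must not be flagged.
    Event(ts=200.0, event_id=1, pid=5000, ppid=1000,
          image=r"C:\Temp\setup.exe", sha256="b2" * 32),
    Event(ts=200.2, event_id=11, pid=5000,
          target=r"C:\Program Files\App\app.exe"),
    Event(ts=200.4, event_id=1, pid=5010, ppid=5000,
          image=r"C:\Program Files\App\app.exe", sha256="c3" * 32),
    Event(ts=201.0, event_id=5, pid=5000),
]


if __name__ == "__main__":
    for parent_pid, parent_image, child_pid, child_image in find_self_copy_relaunch(SAMPLE_EVENTS):
        print(f"self-copy relaunch: pid {parent_pid} ({parent_image}) -> "
              f"pid {child_pid} ({child_image})")
```

The hash comparison is what separates this from ordinary installers, which also write and launch executables; the short exit window further narrows it to hand-over behaviour. In production the same three conditions map directly onto a SIEM correlation rule over the real Sysmon fields.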
What is Panda Banker (aka ZeuS Panda or Panda) and who are the targets
Panda Banker (aka ZeuS Panda or Panda) is a banking trojan derived from the original Zeus. It was discovered in 2016 in Brazil around the time of the Olympic Games. The majority of its code comes from Zeus, and it retains the code for man-in-the-browser, keystroke logging and form grabbing attacks. Campaigns are launched with a variety of exploit kits and loaders, by way of drive-by downloads and phishing emails, and also by manipulating internet search results to point at infected pages. Its stealth capabilities make the malware difficult not only to detect but also to analyse. The countries targeted most heavily appear to be chosen on the basis of GDP. The cybercrime gang behind it is suspected to be Russian-speaking; notably, the malware does not attack Russian systems or targets.