Researchers at Trend Micro have uncovered a new cryptocurrency stealer variant that uses a fileless approach in its global spam email distribution campaign to evade detection.
The gang behind the malware, dubbed Panda Stealer, starts with emails that appear to be business quote requests to entice recipients to open malicious Excel files, Trend Micro says.
Researchers found that the malware, a modification of Collector Stealer, has targeted victims in the United States, Australia, Japan and Germany.
Infection Chains
Trend Micro identified two infection chains. One uses an .XLSM attachment that contains macros that download a loader, which then downloads and executes the main stealer.
Panda Stealer Targets Crypto Wallets
A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam.
Panda Stealer uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by Morphisec.
The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States.
Panda Stealer was discovered by Trend Micro at the start of April. Threat researchers have identified two infection chains being used by the campaign.
They said: "In one, an .XLSM attachment contains macros that download a loader. Then, the loader downloads and executes the main stealer."
A new cryptocurrency stealer variant has been discovered, and it is being spread through a global spam campaign and through Discord servers.
Panda Stealer Phishing Email
The malware, named Panda Stealer, has been found targeting people across several countries, including Australia, the US, Japan and Germany, researchers from Trend Micro said, according to ZDNet.
The malware starts its infection chain through phishing emails. Samples uploaded to VirusTotal also show that victims have been downloading executables from malicious websites via Discord links.
Panda Stealer's phishing emails pretend to be business quote requests so that users will open them. Two methods have been linked to the campaign: the first uses attached .XLSM documents that require victims to enable malicious macros.
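The first delivery method above, a macro-enabled Excel attachment disguised as a business quote, is easy to flag before it reaches a user because macro-enabled OOXML workbooks carry a VBA project part (`xl/vbaProject.bin`) and a macro-enabled content type inside the zip container. The following is an added example, not code from Trend Micro or any of the outlets quoted on this page: a mail-gateway style check that inspects an attachment's bytes rather than its extension, so a .xlsm renamed to .xlsx is still caught. The `build_sample` helper constructs minimal stand-in workbooks for testing; the VBA payload bytes it writes are a placeholder, not a real macro.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Content types Excel assigns to macro-enabled workbook parts (sheet, template, add-in).
MACRO_CONTENT_TYPES = {
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-excel.template.macroEnabled.main+xml",
    "application/vnd.ms-excel.addin.macroEnabled.main+xml",
}
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"


def inspect_ooxml(data: bytes) -> dict:
    """Inspect attachment bytes as an OOXML zip and report whether it carries VBA.

    The filename is deliberately ignored: an attacker controls the extension,
    but not the parts Excel needs in order to run a macro.
    """
    findings = {"is_ooxml": False, "has_vba_project": False,
                "macro_content_type": None, "parts": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container at all (e.g. legacy .xls or plain text)
    with zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return findings  # a zip, but not an Office Open XML package
        findings["is_ooxml"] = True
        findings["parts"] = names
        # The VBA project is stored as an OLE blob under xl/ (or word/, ppt/ for other apps).
        findings["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        # Also read the declared content types; Excel will not run macros from a
        # package whose main part is not declared macro-enabled.
        root = ET.fromstring(zf.read("[Content_Types].xml"))
        for el in root.iter():
            ct = el.attrib.get("ContentType")
            if ct in MACRO_CONTENT_TYPES:
                findings["macro_content_type"] = ct
    return findings


def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway policy (assumed, hypothetical): hold any OOXML attachment with VBA."""
    f = inspect_ooxml(data)
    return bool(f["has_vba_project"] or f["macro_content_type"] is not None)


def build_sample(macro_enabled: bool) -> bytes:
    """Constructed sample workbook for testing; not a real Excel file."""
    main_ct = ("application/vnd.ms-excel.sheet.macroEnabled.main+xml" if macro_enabled
               else "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Types xmlns="{CT_NS}">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        + ('<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
           if macro_enabled else "")
        + f'<Override PartName="/xl/workbook.xml" ContentType="{main_ct}"/>'
        '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if macro_enabled:
            # Placeholder OLE header bytes standing in for a real VBA project blob.
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("quote.xlsm", build_sample(True)),
                       ("quote.xlsx", build_sample(True)),   # renamed macro workbook
                       ("quote.xlsx", build_sample(False))):
        print(name, "quarantine" if should_quarantine(name, blob) else "deliver")
```

This check only identifies that a VBA project is present; it says nothing about what the macro does. In practice it is one gate among several: a second-stage download (the loader the macro fetches, and the stealer the loader fetches) is better caught by egress monitoring and endpoint telemetry, since the point of the fileless approach described above is to leave little on disk.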
PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims’ cryptocurrency and other info.
Yet another new information stealer – Panda Stealer – is being spread through a worldwide spam campaign.
On Tuesday, Trend Micro researchers said that they first spotted the new stealer in April. The most recent wave of the spam campaign has had the biggest impact in Australia, Germany, Japan and the U.S.
The spam emails are masquerading as business-quote requests to lure victims into clicking on booby-trapped Excel files. The researchers found 264 files similar to Panda Stealer on VirusTotal, with some of them being shared by threat actors on Discord.