What you need to know
A piece of malware known as Panda Stealer is being used to steal cryptocurrency.
Panda Stealer can spread through emails and malicious Discord links.
It can be used to steal Dash, Bytecoin, Litecoin, and Ethereum.
A new piece of malware dubbed Panda Stealer is spreading its way across the web. Panda Stealer can be utilized to steal cryptocurrency, including Dash, Bytecoin, Litecoin, and Ethereum. First reported on by Trend Micro, the Panda Stealer malware spread around the web through spam emails.
Two infection chains have been identified. One chain contains an XLSM attachment that contains macros that downloads a loader, which executes the stealing process. The second chain utilizes an XLS file that has an Excel formula that uses a PowerShell command. This command uses a Pastebin alternative called paste.ee to get a second encrypted PowerShell command.
Get Permission
Researchers at Trend Micro have uncovered a new cryptocurrency stealer variant that uses a fileless approach in its global spam email distribution campaign to evade detection.
The gang behind the malware, dubbed Panda Stealer, starts with emails that appear to be business quote requests to entice recipients to open malicious Excel files, Trend Micro says.
Researchers found that the malware, a modification of Collector Stealer, has targeted victims in the United States, Australia, Japan and Germany.
Infection Chains
Trend Micro identified two infection chains. One uses an .XLSM attachment that contains macros that download a loader, which then downloads and executes the main stealer.
Panda Stealer Targets Crypto Wallets
A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam.
Panda Stealer uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by Morphisec.
The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States.
Panda Stealer was discovered by Trend Micro at the start of April. Threat researchers have identified two infection chains being used by the campaign.
They said: In one, an .XLSM attachment contains macros that download a loader. Then, the loader downloads and executes the main stealer.
minute read
Share this article:
PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims’ cryptocurrency and other info.
Yet another new information stealer – Panda Stealer – is being spread through a worldwide spam campaign.
On Tuesday, Trend Micro researchers said that they first spotted the new stealer in April. The most recent wave of the spam campaign has had the biggest impact in Australia, Germany, Japan and the U.S.
The spam emails are masquerading as business-quote requests to lure victims into clicking on booby-trapped Excel files. The researchers found 264 files similar to Panda Stealer on VirusTotal, with some of them being shared by threat actors on Discord.