A new type of malware – Panda Stealer – is spreading through a spam campaign globally. Trend Micro researchers reported on Tuesday that they first encountered the latest stealer in April. In Australia, Germany, Japan, and the USA, the latest surge of the spam campaign seems to have the greatest effects.
The spam emails hide and click booby-trapped Excel files as nothing more than a business quote application to attract victims. Researchers found 264 Panda Stealer-like files with Virus Total, some of which are exchanged by threat actors operating via Discord.
Given recent developments, this isn’t shocking. The cybersecurity team in Cisco's Talos noticed recently that some threat actors are using workflow and communication resources such as Slack and Discord to sneak past safety and provide robbers, remote access trojans (RATs), and malware. Now again, the threatening actors may use Discord to share the Panda Stealer.
If Panda becomes confident, it attempts to acquire information like private clues and past crypto-currency wallet activities such as Bytecoin (BCN), Dash (DASH), Ethereum (ETH), and Litecoin (LTC). It may also filter applications such as NordVPN, Telegram, Discord, and Steam in addition to stealing wallets. Panda could also take screenshots and swipe browser info, including cookies and passwords, through infected computers.
The scientists found out two ways in which spam infects victims: An.XLSM attachment contains macros in one infection chain, which installs a loader that executes the criminal. An .XLS attachment including an Excel formula is also used in another infection chain to enable the instruction PowerShell to access paste.ee, a Pastebin alternative which in turn is secondary encryption for PowerShell command.
"The Call ..
Support the originator by clicking the read the rest link below.
