The banking Trojan known as Panda Banker is now being used against financial institutions in Japan for the first time.
The malware first appeared in 2016 under the name Panda Zeus because it is based on the leaked source code of the infamous Zeus banking Trojan. Since then, Panda Banker has been used in multiple infection campaigns worldwide.
Researchers analyzed this new threat and found that it is designed to steal user credentials via man-in-the-browser techniques and web-injects that specify which websites to target and how. Compared to its first version, this new Panda Banker has received consistent, incremental updates.
This Trojan can be bought as a kit on underground forums.
Since 2016, Panda Banker has been used in campaigns targeting financial institutions in Italy, Canada, Australia, Germany, the United States, and the United Kingdom, and now Japan.
This kind of malicious cyber attack can be repelled by installing a cybersecurity solution like an antivirus for Windows or antivirus for Mac, depending on which OS the device is running. Besides this, a company must hire a cybersecurity firm that will launch various attacks on the company’s network on purpose to reveal its flaws. Attacks like this are made through specialized cybersecurity tests like
This malware is distributed via malicious advertisements (malvertising) that redirect victims to the RIG-v exploit kit.
In the Japan campaign, hackers used multiple domains for their C&C servers, but only one of them is now operational. The operational domain is registered to a Petrov Vadim using the email address [email protected]
In this campaign the hacker used 27 new web-injects: 17 of them targeted Japanese banking websites, and 10 of them focused on websites based in the United States: four search engines, two social media sites, an email site, a video search engine, an online shopping site, and an adult content hub.
All of the web-injects used in this campaign employ the Full Info Grabber automated transfer system (ATS) to capture user credentials and account information.
To reduce and eventually eliminate the risk of this kind of cybersecurity problem, practice good cybersecurity habits, update your apps and OSs to the latest versions available, and implement a robust cybersecurity solution on your devices, like an antivirus for Windows or antivirus for Mac, depending on which OS your machines are running. We also recommend that every company hire a specialized cybersecurity firm that will perform various tests, like a penetration test and various ethical hacking tests, on the company’s network to reveal whether any network flaws are present.
For companies that exist 100% online, we recommend the use of cyber-secured web hosting services.