Researchers have found that the Zeus banking Trojan is back in a new version named Panda.
The new malware is hitting hard with three active campaigns that extend its targets beyond banking to new sectors like cryptocurrency, social media, and various other companies around the world.
All three campaigns, active in the U.S., Japan, and Latin America, are propagating via Facebook and Twitter phishing attacks, and all three have added the same new targets to the mix, the researchers noted. However, there are different C2s for each campaign. Two of the attacks are acting from the same botnet version. Botnet 2.6.8 was found spreading Panda in both the U.S. and Japan.
The U.S. campaign so far has targets in eight industries. While 76 percent of the attacked services are for U.S. financial organizations such as Citibank and Wells Fargo, the actors behind the campaign have also added half a dozen Canadian financial organizations as targets. That’s followed notably by cryptocurrency sites. Also targeted are global social-media providers Facebook and Instagram along with MSN and Bing.com, payroll companies, entertainment services (YouTube) and others.
This campaign also targets the e-commerce giant Amazon; the entertainment platform YouTube; Microsoft.com, Live.com, Yahoo.com, and Google.com, likely targeting email accounts; the social media leaders Facebook and Twitter; as well as the Japanese adult site Dmm[.]co and Pornhub.
Across all three campaigns, just 64 percent of targets were financial services targets. Cryptocurrency exchanges made up 26 percent.
This kind of dangerous malware can be easily avoided by installing a cybersecurity solution like an antivirus for Windows or antivirus for Mac, chosen depending on which OS the device is running. Besides this, a company must hire a cybersecurity firm that will launch, on purpose, various attacks on the company's network to reveal its flaws. Attacks like this are made through specialized cybersecurity tests like penetration tests and ethical hacking tests.
Investigations are ongoing, and at first sight, we can see that:
Panda is still primarily focused on financial companies, but the sectors of its targets are growing with each new campaign
Panda has been targeting cryptocurrency since February 2018
Panda isn’t the first banking trojan to turn its interest to cryptocurrency; IBM X-Force noted in February that the TrickBot trojan has been diversifying its benefits as well.
Panda has been targeting Facebook and Twitter in all three campaigns since May 2018.
There are different C&C servers for each campaign; three of them are connected through a known threat-actor network in Russia, and the fourth is located in China.
The Windows-focused Panda is far from being a small cybersecurity threat. It has a full arsenal of attack techniques, which include web injects, taking screenshots, keylogging, the ability to grab passwords from the clipboard and paste them into form fields, and exploits for the Virtual Network Computing desktop-sharing system.
Because we want you to be safe and secure against cyber threats like this, you must install an antivirus for Windows or antivirus for Mac, depending on which OS your device runs.
Companies should also make sure that they hire a professional cybersecurity firm that will run various cybersecurity tests on the company's network to implement only the best possible cybersecurity solution. Remember that tests like penetration tests and ethical hacking tests should be mandatory for every company.