What you need to know
- A piece of malware known as Panda Stealer is being used to steal cryptocurrency.
- Panda Stealer can spread through emails and malicious Discord links.
- It can be used to steal Dash, Bytecoin, Litecoin, and Ethereum.
A new piece of malware dubbed Panda Stealer is spreading its way across the web. Panda Stealer can be utilized to steal cryptocurrency, including Dash, Bytecoin, Litecoin, and Ethereum. First reported on by Trend Micro, the Panda Stealer malware spread around the web through spam emails.
Two infection chains have been identified. One chain contains an XLSM attachment that contains macros that downloads a loader, which executes the stealing process. The second chain utilizes an XLS file that has an Excel formula that uses a PowerShell command. This command uses a Pastebin alternative called paste.ee to get a second encrypted PowerShell command.
Panda Stealer appears as a business quote with a file attachment, according to Trend Micro. The piece of malware appears to be a fork of Collector Stealer.
After it manages to get installed on a computer, Panda Stealer can collect private keys and records of past transactions from currency wallets. In addition to going after cryptocurrency, the piece of malware can steal credentials from NordVPN, Telegram, Discord, Steam, and other apps.
Trend Micro has identified an IP address that it believes is used by the threat actor behind Panda Stealer. It believes that the IP address is assigned to a virtual private seerver that's rented from Shock Hosting. The threat actor is said to have infected Shock Hosting to test the piece of malware. Shock Hosting was informed of the threat actor by Trend Micro and has suspended the IP address in question.
To help keep your PC and data protected, you should check out our list of the best antivirus software.
