Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media


Figure 16: QA Injection alert, “Page Injected!”

Conclusion

Panda’s expansion beyond traditional banking targets follows the trend we noticed during the 2017 holiday season.5 This is the first campaign we have seen targeting cryptocurrency sites, but the move makes sense given the popularity of cryptocurrency. Running simultaneous campaigns against several regions and industries around the world indicates that these are highly active threat actors, and we expect their efforts to continue, with multiple new campaigns appearing as their current efforts are discovered and taken down. We will continue to look for patterns by monitoring this activity and the networks and services from which the actors choose to launch it. In the meantime, we highly recommend that all businesses keep endpoints patched and ensure AV controls are continuously updated so their systems don’t get infected with this malware. To protect your business from infected consumers, who cause costly fraud investigations, monetary returns, and so on, we recommend instituting advanced web fraud protections; this customized security control is not just for banks anymore!

Indicators of Compromise

MD5

Italy and cryptocurrency targets — e9d881b40d94a541b11fad44f1efbb7c

USA — 35a7e666942eb0c70e73d5dc502a97d2

Japan — 3b78b983ed00cfa580c0b1c9beda4ca2

Latin America — 8822dc8e66b51344b623c6cd29a91db1

QA in production — 5d4c4668567b0b3321b0125779bdb3ae

C&C servers

Italy: hxxps://0a109ec2ab47[.]com

US: hxxps://adshiepkhach[.]top

Japan: hxxps://antrefurniture[.]top

Latin America: hxxps://cotrus[.]co
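One way to sweep web-proxy logs for the C&C servers listed above, as an added example that is not part of the original article. The log format, client addresses and timestamps are constructed assumptions. Matching is done on the parsed hostname (exact or subdomain) rather than by substring, because a short indicator such as cotrus[.]co would otherwise also hit look-alikes like cotrus.com or a domain that merely appears in a query string.

```python
import re
from urllib.parse import urlsplit

# C&C indicators exactly as published above (defanged).
PANDA_C2_DEFANGED = {
    "Italy": "hxxps://0a109ec2ab47[.]com",
    "US": "hxxps://adshiepkhach[.]top",
    "Japan": "hxxps://antrefurniture[.]top",
    "Latin America": "hxxps://cotrus[.]co",
}

def refang(indicator):
    """Turn hxxp(s)://host[.]tld back into a parseable URL."""
    return indicator.replace("hxxp", "http", 1).replace("[.]", ".")

# hostname -> campaign label
C2_HOSTS = {urlsplit(refang(v)).hostname: k for k, v in PANDA_C2_DEFANGED.items()}

def match_host(host):
    """Return the campaign label if host is a C&C domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    for c2, campaign in C2_HOSTS.items():
        if host == c2 or host.endswith("." + c2):
            return campaign
    return None

URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
CONNECT_RE = re.compile(r"\bCONNECT\s+([^\s:]+):\d+")

def scan_proxy_log(lines):
    """Return (line_number, host, campaign) for each line that contacts a C&C host."""
    hits = []
    for n, line in enumerate(lines, 1):
        hosts = [urlsplit(u).hostname or "" for u in URL_RE.findall(line)]
        hosts += CONNECT_RE.findall(line)  # HTTPS tunnels log host:port only
        for h in hosts:
            campaign = match_host(h)
            if campaign:
                hits.append((n, h.lower(), campaign))
    return hits

# Constructed sample proxy log (hypothetical format, not from the article).
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.0.0.5 CONNECT adshiepkhach.top:443 200",
    "2000-01-01T10:00:02Z 10.0.0.7 GET https://cotrus.com/index.html 200",
    "2000-01-01T10:00:03Z 10.0.0.9 GET https://cdn.cotrus.co/a.js 200",
    "2000-01-01T10:00:04Z 10.0.0.9 GET https://example.org/?u=cotrus.co 200",
    "2000-01-01T10:00:05Z 10.0.0.4 CONNECT 0A109EC2AB47.com:443 200",
]
```

Only lines 1, 3 and 5 of the constructed log are flagged; the look-alike domain and the query-string mention are not.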


