Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media - Kartwheel News

Skip to content

Add A Menu

Cyber stories

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

by nlqip
April 23, 2024

2024 Cybersecurity Predictions

Figure 16: QA Injection alert, “Page Injected!”

Conclusion

Panda’s expansion beyond traditional banking targets is following the trend we noticed during the 2017 holiday season.⁵ This is the first campaign we have seen targeting cryptocurrency sites, but it’s a move that makes sense, given the popularity of cryptocurrency. This act of simultaneous campaigns targeting several regions around the world and industries indicates these are highly active threat actors, and we expect their efforts to continue with multiple new campaigns coming out as their current efforts are discovered and taken down. We will continue to look for patterns by monitoring this activity and the networks and services from which they are choosing to launch their activities. In the meantime, we highly recommend all businesses maintain up-to-date patches on endpoints and ensure AV controls are continuously updated so their systems don’t get infected with this malware. To protect your business from infected consumers that cause costly fraud investigations, monetary returns, and so on, we recommend instituting advanced web fraud protections because this customized security control is not just for banks anymore!

Indicators of Compromise

MD5

Italy and cryptocurrencies targets — e9d881b40d94a541b11fad44f1efbb7c

USA — 35a7e666942eb0c70e73d5dc502a97d2

Japan — 3b78b983ed00cfa580c0b1c9beda4ca2

Latin America — 8822dc8e66b51344b623c6cd29a91db1

QA in production — 5d4c4668567b0b3321b0125779bdb3ae

C&C servers

Italy: hxxps://0a109ec2ab47[.]com

US: hxxps://adshiepkhach[.]top

Japan: hxxps://antrefurniture[.]top

Latin America: hxxps://cotrus[.]co

Source link
lol

Figure 16: QA Injection alert, “Page Injected!” Conclusion Panda’s expansion beyond traditional banking targets is following the trend we noticed during the 2017 holiday season.5 This is the first campaign we have seen targeting cryptocurrency sites, but it’s a move that makes sense, given the popularity of cryptocurrency. This act of simultaneous campaigns targeting several…

Tags: 2-6-8, Access Tier, Client, cosmos3, Cybercrime, Fraud, Injection, Malware, onore2, Panda, Phishing, Services Tier, Threats, Trojan, Web Application Attacks

Previous Post

Drupalgeddon 2 Highlights the Need for AppSecOps

April 23, 2024

Next Post

Russia Attacks Global Network Infrastructure Through Vulnerabilities That Extend Far Beyond Their Targets

April 23, 2024

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Comment *

Name *

Email *

Website

Save my name, email, and website in this browser for the next time I comment.

Search

Recent Posts

Hackers Strike at Heart of Italian Government
The Rise of Ransomware-as-a-Service and Decline of Custom Tool Development | BlackFog
Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Recent Comments

No comments to show.

Archives

November 2024
October 2024
September 2024
August 2024
July 2024
June 2024
May 2024
April 2024
March 2024
February 2024

Categories

AI in news
Chatgpt
Good news
Kamban
Viral