Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media
- by nlqip
Figure 16: QA Injection alert, “Page Injected!”
Conclusion
Panda’s expansion beyond traditional banking targets follows the trend we noticed during the 2017 holiday season.[5] This is the first campaign we have seen targeting cryptocurrency sites, but it’s a move that makes sense, given the popularity of cryptocurrency. Running simultaneous campaigns against several regions and industries around the world indicates these are highly active threat actors, and we expect their efforts to continue, with multiple new campaigns coming out as their current ones are discovered and taken down. We will continue to look for patterns by monitoring this activity and the networks and services from which they choose to launch it. In the meantime, we highly recommend that all businesses maintain up-to-date patches on endpoints and ensure AV controls are continuously updated so their systems don’t get infected with this malware. To protect your business from infected consumers, who cause costly fraud investigations, monetary returns, and so on, we recommend instituting advanced web fraud protections, because this customized security control is not just for banks anymore!
Indicators of Compromise
MD5
Italy and cryptocurrencies targets — e9d881b40d94a541b11fad44f1efbb7c
USA — 35a7e666942eb0c70e73d5dc502a97d2
Japan — 3b78b983ed00cfa580c0b1c9beda4ca2
Latin America — 8822dc8e66b51344b623c6cd29a91db1
QA in production — 5d4c4668567b0b3321b0125779bdb3ae
C&C servers
Italy: hxxps://0a109ec2ab47[.]com
US: hxxps://adshiepkhach[.]top
Japan: hxxps://antrefurniture[.]top
Latin America: hxxps://cotrus[.]co
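To put the C&C list above to use, the following added example (not part of the original article) refangs the entries and matches them against web proxy log lines on hostname boundaries, so subdomains hit and lookalike hosts do not. The log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# C&C entries copied from the list above, still defanged.
DEFANGED_C2 = {
    "Italy": "hxxps://0a109ec2ab47[.]com",
    "US": "hxxps://adshiepkhach[.]top",
    "Japan": "hxxps://antrefurniture[.]top",
    "Latin America": "hxxps://cotrus[.]co",
}

def refang(indicator):
    """Undo hxxp / [.] defanging so the value parses as a URL."""
    return indicator.replace("hxxp", "http", 1).replace("[.]", ".")

# Map each C&C hostname to its campaign label.
C2_HOSTS = {urlsplit(refang(u)).hostname: label for label, u in DEFANGED_C2.items()}

def match_c2(url):
    """Return the campaign label when the URL's host is a listed C&C host
    or a subdomain of one; compare on label boundaries, not substrings."""
    if "://" not in url:          # CONNECT-style "host:port" entries
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    for c2_host, label in C2_HOSTS.items():
        if host == c2_host or host.endswith("." + c2_host):
            return label
    return None

def scan_proxy_log(lines):
    """Return (client, url, campaign) per hit. Assumed layout:
    'timestamp client method url status' (hypothetical format)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 4 and (label := match_c2(fields[3])):
            hits.append((fields[1], fields[3], label))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2018-05-01T09:14:02Z 10.0.4.17 POST https://cotrus.co/ 200",
    "2018-05-01T09:14:05Z 10.0.4.22 GET https://notcotrus.co/ 200",
    "2018-05-01T09:15:40Z 10.0.7.3 CONNECT adshiepkhach.top:443 200",
    "2018-05-01T09:16:11Z 10.0.7.9 GET https://cotrus.co.example.com/ 200",
    "2018-05-01T09:17:30Z 10.0.4.17 GET https://cdn.ANTREFURNITURE.top./x 200",
]
```

Running `scan_proxy_log(SAMPLE_LOG)` flags the first, third and fifth lines; the two lookalike hosts are ignored because the match is anchored on a full hostname or a dot-delimited suffix.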