Cybersecurity Firm Sees Crypto Stealer Spreading Through Huge Email Spam Campaign and Discord Channels

A crypto stealer appears to have spread through a massive spam campaign in many countries, including the United States, Australia, Japan, and Germany. A cybersecurity company detected the malware, named "Panda Stealer." It is reportedly also distributed through Discord channels.

Malware can also steal data from Telegram and Discord apps

According to the Trend Micro report, the stealer is a variant of another malware called "Collector Stealer" that uses the same algorithms to bypass most detection tools. The malware is contained in a malicious Excel file in .xlsm format. When the victim runs a series of PowerShell scripts in the infected document, Panda Stealer executes its malicious processes. It collects sensitive crypto-related data, including private keys and records of past transactions made with virtual currency wallets such as dash (DASH), litecoin (LTC), and ethereum (ETH).

Trend Micro researchers gave more technical details about the similarities between the malware and others:

Panda Stealer turned out to be a variant of Collector Stealer sold on some underground forums and a Telegram channel. Collector Stealer was attacked by a menacing Russian actor named NCP, also known as su1c1de. (…) Collector Stealer, like Panda Stealer, extracts information such as cookies, login credentials and web credentials from a compromised computer and stores it in a SQLite3 database. It also covers its traces by deleting files and activity logs that were stolen after execution.

But the stealer does more than capture data about victims' digital assets. The investigation even revealed that it has the technical ability to steal credentials from Telegram, NordVPN and Discord, among others. In addition, Panda Stealer can take screenshots of users' computers and capture data encrypted in browsers, such as credit card information.
