The malware is spread via spam emails posing as job applications, each carrying an attached Microsoft Word document that the attackers use to launch the cryptocurrency stealer and proliferate the malware. The emails are sent to a wide range of job-related email addresses, pose as a job application, and carry the subject line “Sales Specialist_[Company Name]”. The attachment is named “[Recruit name].doc”, where the name varies per message, but the file actually carries the macro-enabled .docm extension in an attempt to evade detection.
The stealer appears to have been spread through a massive spam campaign across several countries, including the United States, Australia, Japan and Germany. The malware, called Panda Stealer, was discovered by the cybersecurity company Trend Micro. It is also reportedly distributed through Discord channels.
The malware can also steal data from the Telegram and Discord applications.
According to a report from Trend Micro, the stealer is a variant of another piece of malware called Collector Stealer, and it uses the same techniques to bypass most detection tools. The malware has also been seen delivered in a malicious Excel file in .xlsm format.
The infection starts once the victim opens the infected document and its embedded macros run a series of PowerShell scripts; Panda Stealer then begins collecting sensitive cryptocurrency data, including private keys and the transaction history of wallets for coins such as Dash (DASH), Litecoin (LTC) and Ethereum (ETH).
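The delivery chain above relies on a macro-enabled Office attachment whose name does not match what it contains (a “.doc” that is really a .docm, or an .xlsm). The script below is an added triage example, written for this page and not taken from Trend Micro's report or from the malware itself: it opens an attachment as the OOXML ZIP container it really is, checks for an embedded VBA project (the vbaProject.bin part and its declared content type), and flags the mismatch between filename extension and content. The sample attachments are constructed in memory as test fixtures; the vbaProject.bin placeholder only mimics the OLE magic bytes and is not a real VBA project. The sender/recipient details and filenames are assumptions used for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Content type that OOXML declares for an embedded VBA project (ECMA-376 / MS-OVBA).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Extensions that legitimately carry macros; a VBA part under any other name is suspicious.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
# Legacy binary-format extensions; an OOXML ZIP wearing one of these is misnamed.
LEGACY_EXTENSIONS = {".doc", ".xls", ".ppt"}


def build_sample_attachment(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP in memory (test fixture, not a real Office file)."""
    overrides = [
        '<Override PartName="/word/document.xml" ContentType="application/'
        'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        if with_macro:
            overrides.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            )
            # A real vbaProject.bin is an OLE compound file; only its magic is mimicked here.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32)
        z.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            + "".join(overrides) + "</Types>",
        )
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Triage an Office attachment by what it contains, not by what it is called."""
    ext = PurePosixPath(filename.lower()).suffix
    result = {"filename": filename, "extension": ext, "is_ooxml": False,
              "has_vba": False, "vba_parts": [], "flags": []}

    if not data.startswith(b"PK\x03\x04"):
        # Legacy binary .doc/.xls (OLE) or something else; needs an OLE parser, out of scope here.
        result["flags"].append("not_ooxml")
        return result

    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if "[Content_Types].xml" not in names:
                result["flags"].append("zip_without_content_types")
                return result
            result["is_ooxml"] = True
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
            # Either signal is enough: the part itself, or the package declaring a VBA part.
            result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
            result["has_vba"] = bool(result["vba_parts"]) or VBA_CONTENT_TYPE in content_types
    except zipfile.BadZipFile:
        result["flags"].append("corrupt_zip")
        return result

    if ext in LEGACY_EXTENSIONS:
        result["flags"].append("legacy_extension_on_ooxml")
    if result["has_vba"]:
        result["flags"].append("macro_enabled")
        if ext not in MACRO_EXTENSIONS:
            # e.g. a ".doc" or ".docx" name wrapping a document that ships a VBA project.
            result["flags"].append("extension_mismatch")
    return result


if __name__ == "__main__":
    # Hypothetical attachment names modelled on the campaign's naming pattern.
    for name, macro in [("Sales Specialist.doc", True), ("cv.docm", True), ("cv.docx", False)]:
        print(inspect_attachment(name, build_sample_attachment(macro)))
```

Content-type inspection is deliberately independent of the filename because mail gateways that gate on extension alone are exactly what the “.doc” naming is meant to slip past. For legacy OLE attachments (real binary .doc/.xls), extend the `not_ooxml` branch with an OLE parser such as oletools' olevba rather than trusting the extension there either.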
Trend Micro researchers provided additional technical details about the similarities between this and other malware:
Panda Stealer turned out to be a variant of Collector Stealer sold on some underground forums and on the Telegram channel. Collector Stealer has since been hacked by a Russian threat agent called NCP, also known as su1c1de. (…) Like Panda Stealer, Collector Stealer retrieves information such as cookies, logins and web data from the infected computer and stores it in an SQLite3 database. It also hides its tracks by deleting stolen files and activity logs after execution.
However, the theft is not limited to data related to the victims' digital assets. The research shows the malware is also capable of stealing login credentials from Telegram, NordVPN and Discord, among others.
Moreover, Panda Stealer can take screenshots of the victim's desktop and extract data stored in browsers, such as credit card information.
Crypto-currency thieves recently unmasked
Bitcoin.com News reported on the surge in crypto malware in recent months. Recently, a cryptocurrency-related malware called WeSteal was touted on darknet forums as the biggest moneymaker of 2021, which set off alarm bells in the cybersecurity community.
That tool can steal bitcoin (BTC) and ether (ETH), and its malicious code is sold on a subscription model.
What do you think of the cybersecurity firm’s research? Let us know your comments in the section below.
Photo credit: Shutterstock, Pixabay, Wiki Commons