Here come the hackers again, poised to relieve you of your cryptocurrency and break into your Steam and Discord accounts. And in the same fell swoop, besmirching the name of the most pure and non-malign bear on the planet: the panda.
‘Panda Stealer’ is being distributed through phishing emails and Discord links, and is hell-bent on picking out any cryptocurrency-related data on your machine. As TrendMicro outlines, your Ethereum, Dash, Bytecoin and Litecoin keys and addresses are all at risk, though there’s no mention of other currencies being affected (via Tom’s Hardware).
The malware—which utilises a fileless distribution method to remain undetected—also has a taste for NordVPN, Telegram, Discord, and Steam details, and is able to take screenshots, pilfer passwords and card credentials, as well as raid both the virtual and proverbial cookie jar.
Business quote requests is usually how the software masquerades in your inbox. Once you click through, the waltz begins with an XLSM or XLS file download. Once in, the malware worms its way through your system with a formula veiling a PowerShell command, accesses paste.ee and gives itself permission to download yet more PowerShell commands to retrieve your super-secret info—all in the blink of an eye.
Attempts have been made to trace the virus back to its IP of origin, and although it only threw up a rented Shock Hosting virtual server, it has been reported and the server suspended. But it probably won’t help much.
The best bet is that Panda Stealer is a variant of Collector Stealer, for which cracked downloads are freely available across the net. When consulted, VirusTotal showed 264 similar malwares, scattered across a boatload of servers and download sites. Discord is expected as a likely method for its transferal between baddies who want to steal your cryptocurrency riches and Steam wallet funds.
So, as always, be hyper-aware of what you’re clicking. And make sure you grab one of the best antivirus programs, just to be sure.