Sunday, December 30, 2018

A New Threat For Computer Security: Panda Banker Trojan

Zeus Panda, Panda or Panda Banker is a spin-off of the Zeus banking Trojan. First seen in 2016 as one of the many variants that cropped up in the wake of the Zeus source code leak, Panda has served as a banking Trojan ever since. It looks to harvest credentials for online banking, payment & other financial portals, and the majority of its code is derived from the original Zeus Trojan. The Trojan targets the Windows operating system & leverages man-in-the-browser / web inject techniques to carry out its theft.



Zeus Panda follows its predecessor & hence primarily targets the financial sector & cryptocurrency sites. In addition, it expands its attacks into other sectors such as social networking sites, search engines, email & adult sites. The attack strategy of this malware is more or less the same as its predecessor's, with some minor modifications in its dynamic configuration.

The full arsenal of attack techniques adopted by Panda banker Trojan includes:
  1. Taking Screenshots (up to 100 per mouse click)
  2. Keylogging
  3. The ability to grab passwords from clipboard & place them into form fields
  4. Exploits for the Virtual Network Computing desktop-sharing system
  5. Clearing cache & cookies

The stealth capabilities of the malware make not only detection but also analysis difficult.

Panda Banker Distribution Tactics

Malware relies on deception to get in, and so does Panda Banker. It launches attack campaigns with a diversity of loaders & exploit kits. The malware is distributed via:

  1. Drive-by Downloads: An unintended download of malicious software from the internet. The software gets downloaded in either of two ways:
  • Software Bundling: Such downloads occur without the user's knowledge. Threat actors embed the malicious code in the payload of legitimate software. User negligence in downloading software without following proper procedures, or ignoring the installation steps, may result in the unintentional download of the Panda Banker Trojan.
  • Downloads which a person has authorized without understanding the consequences. For example, downloads that automatically install an unknown or counterfeit executable program, Java applet etc.
  2. Phishing emails: Panda Banker is most often distributed via spam email attachments. These attachments can be named anything that grabs the user's attention and prompts them to open the attachment. The Trojan infects the system with its malicious script when the user enables macros in the attached document.
  3. Malevolent sites: Hooking search results to infected pages is one more way to distribute the Panda Banker Trojan. Infected websites include a malicious script that runs as soon as the user visits the site. Such websites include, but are not limited to, porn sites, torrent sites & other free download sites.

Saturday, December 22, 2018

An Open Source Terror for the Windows Operating System: Hidden Tear Ransomware

Open-source ransomware is a real issue that is continuously evolving. It's not hard to guess the reason for the popularity of open source ransomware among crooks: it offers the ease and convenience of not having to be tech-savvy.



The flood of ransomware is by far today's biggest computer security concern. Threat actors have stepped into the crypto realm & thrown down the gauntlet to antivirus labs, which are still figuring out ways to do away with this challenge.
Ransomware based on open source code, especially variants based on Hidden Tear, continues to proliferate, spreading consternation among the masses and reaping monetary gains for its operators.


The easy availability and deployment of this open source ransomware code allows even novice developers to extort victims with this ransomware family. The first few Hidden Tear-based variants didn't stray far from the original. But it comes as no surprise that ransomware developers keep building on the released code with minor tweaks to create improved variants.


Friday, December 21, 2018

Microsoft Releases Security Update for Internet Explorer

Microsoft's legacy browser, Internet Explorer, may leave you facing a Gordian knot. The booby-trapped browser is cursed with a remote code execution vulnerability that allows threat actors to execute arbitrary code in the context of the current user.
The zero-day remote code execution vulnerability lies in the Internet Explorer scripting engine. Attackers who successfully exploit it gain the security privileges of the logged-in user & can execute malevolent code that corrupts system memory. In other words, if you are logged on with administrative user rights, this vulnerability could be exploited to take full control of an affected system. An attacker could then:

  1. Deploy malicious code on a user's system.
  2. Install malicious programs.
  3. View, change or delete data.
  4. Create new accounts with full user rights.

This Zero-day vulnerability is tracked as CVE-2018-8653 & can further be exploited in the following ways:

  1. In web-based scenarios, attackers could host specially crafted malicious sites designed to exploit the vulnerability via Internet Explorer. Unsuspecting users can then be lured to visit the infected sites via ads or booby-trapped emails. The malicious script embedded in the corrupt site, in turn, may infect the user's system.
  2. Threat actors can also abuse applications that embed the IE scripting engine to render web-based content in order to compromise the user's system. Examples of such apps include applications that are part of the Office suite.

Thursday, December 20, 2018

How to Remove FilesLocker Ransomware – A Ransomware as a Service Attack?

Encryptor RaaS (Ransomware as a Service) represents a new era of ransomware distribution. Among all the cyber threats launched, ransomware attacks are garnering more attention lately. These attacks have gained intensity over time, with attackers moving a step ahead by evolving vicious and harmful tactics to launch RaaS attacks.


RaaS distribution is a practice where threat actors put their ransomware up for sale. It is then purchased and leveraged by other criminals who are technically unable to develop their own variants. Thus RaaS gives even novice cyber-criminals an opportunity to launch sophisticated & profitable attacks.


Most of these ransomware code packages are free to deploy under a profit-sharing model, in which the author takes some percentage of the affiliates' earnings from the code package. This cut usually ranges from 25% to 30%.


A new RaaS offering discovered on the dark web works much like a legitimate software affiliate program, only with more lucrative profit terms. This FilesLocker ransomware, offered as a Ransomware as a Service, targets Chinese- and English-speaking victims.
