Sunday, December 30, 2018

A New Threat For Computer Security: Panda Banker Trojan

Zeus Panda, Panda or Panda Banker is a spin-off of the Zeus banking Trojan. First seen in 2016 as one of the many variants that cropped up in the wake of the Zeus source code, Panda has fulfilled its function as a banking Trojan since then. It looks to harvest credentials for online banking, payment & other financial portals, and the majority of its code is derived from the original Zeus Trojan. The Trojan is designed to target the Windows operating system & leverages man-in-the-browser/web-inject attack techniques to steal those credentials.



Zeus Panda follows its predecessor & hence primarily targets the financial sector & cryptocurrency sites. In addition, it extends its attacks to other sectors such as social networking sites, search, email & adult sites. The attack strategy of this malware stays more or less the same, with some minor modifications in its dynamic configurations.

The full arsenal of attack techniques adopted by the Panda Banker Trojan includes:
  1. Taking Screenshots (up to 100 per mouse click)
  2. Keylogging
  3. The ability to grab passwords from clipboard & place them into form fields
  4. Exploits for the Virtual Network Computing desktop-sharing system
  5. Clearing cache & cookies

The malware's stealth capabilities make not only its detection but also its analysis difficult.

Panda Banker Distribution Tactics

Malware scripts turn to deception to invade. So does Panda Banker. It launches attack campaigns with a diversity of loaders & exploit kits. The malware script is distributed via:

  1. Drive-by Downloads: This means the unintended download of malicious software from the internet. The software gets downloaded in either of two ways:
     • Software Bundling: Such downloads occur without user knowledge. Threat actors embed the malicious code in the payload of the authenticated software. User negligence in downloading the software without following proper procedures, or ignoring the steps, may result in the unintentional download of the Panda Banker Trojan.
     • Downloads which a person has authorized without understanding the consequences. For example, downloads that automatically install an unknown or counterfeit executable program, Java applet etc.
  2. Phishing emails: Panda Banker is more often distributed via spam email attachments. These attachments can be named anything that grabs the user's attention and prompts him/her to open the attachment. The Trojan corrupts the system with the malicious script when the user enables macros in the attached document.
  3. Malevolent sites: Hooking search results to infected pages is one more way to distribute the Panda Banker Trojan. Infected websites include a malicious script that runs as soon as the user visits the site. Such websites include but are not limited to porn sites, torrent sites & other free downloading sites.
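Because the phishing route above depends on the user enabling macros in an attached document, a mail gateway or triage script can flag macro-capable attachments before they reach the inbox. The following is an added example, not code from the original post: it checks attachment content rather than the filename, and the addresses, file names and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container header

def classify_attachment(data: bytes) -> str:
    """Return 'ole-legacy', 'ooxml-macro' or 'clean' based on content, not filename."""
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"  # binary Office format; may hold VBA, needs deeper inspection
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # OOXML keeps its VBA project in a part named vbaProject.bin
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "ooxml-macro"
    return "clean"

def flag_macro_attachments(raw_email: bytes) -> dict:
    """Map attachment filename -> verdict for every attachment that is not clean."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict != "clean":
            findings[part.get_filename()] = verdict
    return findings

def _zip_bytes(names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed placeholder")
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed message: macro file renamed .docx, a legacy .doc, a benign .docx."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Invoice", "a@example.com", "b@example.com"
    msg.set_content("See attached.")
    samples = {
        "invoice.docx": _zip_bytes(["word/document.xml", "word/vbaProject.bin"]),
        "statement.doc": OLE_MAGIC + b"\x00" * 504,
        "notes.docx": _zip_bytes(["word/document.xml"]),
    }
    for filename, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Calling `flag_macro_attachments(build_sample_email())` reports the renamed macro document and the legacy file while leaving the macro-free `.docx` alone; a legacy OLE hit only means the format can carry macros, so it is a cue for quarantine or further parsing rather than a verdict.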