Dangerous PANDA Banking Malware Spreads Through Phishing Attacks Targets Banks, Cryptocurrency Sites and Social Media

The PANDA Malware first identified in the year 2016 by Fox IT, the malware primarily focused on banking sectors. With the last February, the campaign was heavily focused on cryptocurrency sites and the three active campaigns currently focusing on social media(Twitter and Facebook).

According to F5 researchers, the four active campaigns that appear between February to May of 2018 uses the same botnet but having different targets and C&C servers.

But still, the panda malware still focussing financial sectors, due to the recent hype with cryptocurrency it expands it’s targeted to online cryptocurrency exchanges, also it focuses Social media, search, email, and adult sites.

The malware campaigns primarily focussed on the Japanese financial organizations and all the campaign in the month of May targeted social media, search, email, e-commerce, and tech providers.

PANDA MalwarePANDA Malware

Researchers said, “we analyzed February campaign marked as botnet “onore2” targets Italian Financial Services and Cryptocurrency Sites Equally. The majority of targets are financial services 51% and cryptocurrency targets 49% worldwide.

PANDA MalwarePANDA Malware

The last campaign marked Botnet “2.6.8” Targets US Financials and the campaign hits 8 industries 76% of which were US financial organizations, 8% Canadian financial services, 6% cryptocurrency sites, 4% social media, 3% search and email and 1% payroll sites.

Also Read Most Important Security Tools and Resources For Security Researcher, Malware Analyst, Reverse Engineer

The May Campaign Botnet “2.6.8” also Targets Japanese Financials, 52% Japanese financial services, 14% search and email providers, 9% social media, 10% adult sites, 5% tech provider, 5% eCommerce, 5% Entertainment.

With the third parallel campaign Botnet “Cosmos3” targets financial institutions in Latin America. The campaign primarily focuses on financial institutions in Argentina, Columbia, and Ecuador followed by the social media, search and tech provider.

F5 concludes that “Panda’s expansion beyond traditional banking targets, the act of simultaneous campaigns targeting several regions around the world and industries indicates these are highly active threat actors. we highly recommend all businesses maintain up-to-date patches on endpoints and ensure AV controls are continuously updated.”

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion…

7 minutes ago

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs),…

37 minutes ago

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

15 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

15 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

16 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

18 hours ago