Panda Is One Hungry Bear! A Heavyweight Banking Trojan Rolls Into Brazil

IBM X-Force Research observed that a relatively new Zeus Trojan variant known as Panda, or Panda Banker, which started targeting banks in Europe and North America early this year, has now spread to Brazil. According to IBM X-Force Research, Panda now targets 10 local bank brands and multiple payment platforms right as Brazil prepares to host a global sporting event.

Commercialized Malice

As its name suggests, Zeus Panda is yet another Zeus v2 Trojan iteration built upon the same source code leaked in 2011 — one that evidently keeps enabling the delivery of more commercial banking Trojans into the world.

IBM X-Force Research believes that Zeus Panda is being peddled via Dark Web underground boards by the developer who put it together. It is sold in cybercrime-as-a-service packages to other cybercriminals.

Panda Arrives in Brazil

IBM X-Force Research has been detecting Zeus Panda variants since Q1 2016. At first, botnets spreading and attacking users with this malware primarily targeted banks in Europe and North America, focusing on the U.K., Germany, the Netherlands, Poland, Canada, the U.S. and others. While Panda configurations focus on targeting personal online banking services, they are rather diverse. Other targets include online payments, prepaid cards, airline loyalty programs and online betting accounts, to name a few.

Panda is clearly one hungry bear. The malware continues to spread to new geographies and is now targeting users in Brazil. First appearing in Brazil in July 2016, the related Panda variant likely has links to a locally operated, professional cybercrime faction. The variants fetched a new Brazil-focused configuration, which was set up to steal credentials from users of 10 major bank brands in the country, as well as those of bitcoin exchange platforms, payment card services and online payments providers, among others, per X-Force findings.


This blog was part of my work with IBM X-Force. Read the complete post here.
