A new information stealer referred to as Panda is targeting cryptocurrency wallets and credentials for applications such as Telegram, NordVPN, Discord, and Steam. Panda Stealer uses spam emails to trick victims and a difficult-to-detect fileless distribution method deployed by Phobos ransomware. The attacks primarily target users in Australia, Germany, Japan, and the US, according to researchers at Trend Micro.
Trend Micro initially discovered the campaign in early April, identifying two infection chains that Panda Stealer leverages to conduct the attacks. Once installed, Panda Stealer can collect private details, such as records of past transactions and private keys, from various digital currency wallets, including Dash, Litecoin, Bytecoin, and Ethereum. Panda can also take screenshots of the infected computer and exfiltrate browser data such as cookies and passwords.