🐂 Not all bull runs are created equal. November’s AI picks include 5 stocks up +20% eachUnlock Stocks

Panda Crypto Stealer – Beware

Published 05/20/2021, 02:28 AM
Updated 05/20/2021, 02:30 AM
Panda Crypto Stealer – Beware
TMICY
-
UXXc2
-

  • A new ransomware attack named Panda has reared its head, threatening the safety of the cryptocurrency ecosystem.
  • This ransomware has set its sights on compromising cryptocurrency wallets and also goes the extra mile in targeting user details on Telegram and Discord.
  • Discovered by Trend Micro (OTC:TMICY), a cyber-security firm, the security breach begins with a spam message with a malicious attachment.
  • The reason for the increasing number of crypto wallet attacks has been linked to the remarkable increase in the value of cryptocurrencies and large numbers of new crypto users.

New malware is on the block terrorizing the cryptocurrency industry and compromising the data of thousands of users. The malware was discovered by Trend Micro, a cyber-security firm that discovered its modus operandi and primary targets. While cryptocurrency wallets are the primary target, the ransomware also targets user details of platforms such as Discord, NordVPN, and Steam.

What You Should Know About the Panda Crypto Stealer

Cryptocurrency users should keep their guard up as cybercriminals have devised a new manner of obtaining personal info and illegal means of gaining access to accounts through ransomware. Called Panda Stealer, this was discovered by Trend Micro, a firm that specializes in cyber-security.

According to Trend Micro, Panda Stealer acts like a Trojan horse, latching into the system to gain access to sensitive details like usernames and passwords to bypass the security of blockchain. The malware is usually distributed through emails or discord links with malicious attachments.

At its core, the attachment makes use of PowerShell scripts to download an encoded Panda Stealer without files into the computer. This is done through spam emails and through Discord links which resemble a proposal about cryptocurrencies that are designed to bait a user into accepting it.

According to Trend Micro, this method is not a new one, and file-less loading is well known in the industry but the novelty is the targeting of data theft. Through this method, the Panda Stealer scours the system for records of private keys and previous transactions from crypto wallets. In addition to crypto wallets, accounts on platforms like Discord, NordVPN, and Steam are also targeted.

To defend against this scourge Trend Micro suggest the same security measures useful in many other cyber-attacks such as not clicking or opening attachments from suspicious emails and ensuring that software is upgraded to the latest updates.

The cyber-security firm advised that users should protect their cryptocurrency wallets through the use of strong unique passwords and use “multifactor authentication. It further suggested that long-term investors should consider “hardware-based or offline wallets” to store their cryptocurrencies.

On the Flipside

  • DeFi Protocol, Spartan Protocol, suffered losses of up to $30 million following a security breach on the platform.
  • The ingenious attack occurred as a result of an error in the calculation of the liquidity share when the pool token is burned, according to a report by PeckShield, a blockchain security company.
  • This comes just weeks after DeFi exchange, Uranium, lost $50 million in an exploit.

Cryptocurrencies and Cyber Attacks

In recent years, there has been a growing number of cyber-attacks in the cryptocurrency ecosystem which is a worrying trend for the nascent industry. The reason for the spike in criminal activity may be attributed to the dizzying figures associated with cryptocurrencies as the cryptocurrency market capitalization went on to exceed the $2 trillion mark.

Another reason for the growing trend may be linked to the decentralized nature of the crypto ecosystem which creates an absence of a central body to reverse malicious transactions.

Notable crypto hacks that have plagued the industry include the Bitfinex hack of 2016 in which 119,756 Bitcoins were stolen and the Coincheck hack of 2018 which resulted in losses of up to $530 million. Others include the Dao hack of 2016, Mt, Gox hack, and the first Allinvain crypto hack.

EMAIL NEWSLETTER

Join to get the flipside of crypto

Upgrade your inbox and get our DailyCoin editors’ picks 1x a week delivered straight to your inbox.

[contact-form-7] You can always unsubscribe with just 1 click.

Continue reading on DailyCoin

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.