With the start of the Rio de Janeiro 2016 Olympic Games, a new version of the Zeus Banking Trojan, called Panda, started targeting financial transactions in Brazil.
According to IBM X-Force Research's experts, Zeus Panda's code is the same as that of the previous Zeus variants, hence it shows pretty similar behavior. However, there are some changes in the way it encrypts files and how it communicates.
Europe and North America were on the Zeus Panda Banking Trojan's hit list at the beginning of this year. It has been targeting prepaid cards, betting accounts, online payments and other financial transactions.
Now, Zeus Panda has arrived in Brazil just in time for the Rio de Janeiro 2016 Olympic Games. It attacks law enforcement agencies, local banks and even supermarket chain delivery services. According to experts, the cyber gang behind the Trojan is at least partly based in South America.
The Zeus Panda Banking Trojan is distributed via botnets using exploit kits like the notorious Neutrino and Angler. A very common attack technique is the use of a malicious Microsoft Word document, but Zeus Panda also uses personalized messages to hit a particular company's email address.
The Trojan's favorite technique is known to be account takeover, in which it steals users' credentials and uses them to complete a transaction from another device. Fake pop-ups keep the victim online while the transaction is in progress.
“Panda’s move to Brazil is a very interesting occurrence in the country,” – stated Limor Kessem, an IBM executive security advisor – “Brazil’s cybercrime landscape is dominated by relatively simplistic codes designed for specific fraud scenarios, such as Boleto fraud, remote access fraud and malware used for phishing.”
“Zeus Panda may not be the first ever modular banking Trojan to operate in Brazil, but it is definitely a major step up from the malicious Delphi-based malcode that’s so typical in the country. This migration of a new and commercial Zeus variant into Brazil also underscores the growing collaboration between Brazil-based cybercriminals and cybercrime vendors from other countries and underground communities — a trend that has been picking up speed in Brazil since the beginning of this year.”
“Judging by recent emerging campaigns observed by X-Force Research, Zeus Panda appears to be an active and evolving project that is being commercialized to cybercriminals through Dark Web forums. As such, we expect to see more variations of this malware and new botnets appearing in the coming months, likely targeting different countries beyond those appearing in current configurations.”
Proofpoint research reveals that Rio 2016 is at the top of the crooks' target list, with about 4,500 malicious applications on popular marketplaces aiming to take advantage of the Games. Moreover, 15% of the social media accounts associated with the Olympics have proven to be deceptive.