Pandemiya
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Threat Level: 90% (High)
Infected Computers: 2
First Seen: November 24, 2015
Last Seen: January 25, 2019
OS(es) Affected: Windows
Pandemiya has emerged recently as a banking Trojan alternative to Zeus and its many variants. The infamous Zeus Trojan has spawned countless variants and copycats, all based on its code. Pandemiya is unique because it is entirely new, with no relation to Zeus at all. This makes Pandemiya particularly difficult for PC security researchers to control and prevent, because it requires an entirely new set of protections. Pandemiya began its activities in the summer of 2014. Pandemiya was being promoted in the underground hacking community as an alternative to Zeus and its many variants. Pandemiya was being sold for $1500 USD for the core program and $2000 for various plug-ins that give Pandemiya additional features.
How Pandemiya may Affect Your Security
Pandemiya is designed to allow the person controlling it to monitor an infected computer. Pandemiya may be used to collect data in secret as well as to take screenshots of the infected computer's screen. Pandemiya is also designed to let third parties inject fake Web pages into the affected Web browser to trick inexperienced computer users into entering their passwords into a fake bank website, for example (these kinds of tactics can be avoided by using two-step authentication or other security measures).
Taking a Look at Pandemiya's Code
Pandemiya is especially well designed when it comes to evading network protections and security software. Pandemiya's code is not based on Zeus at all and is entirely original. Pandemiya's creator worked on this threat for close to one year. Pandemiya has several features that make it particularly worrying for malware researchers:
- Pandemiya is designed to allow third parties to inject fake Web pages into the three most popular Web browsers on the market, Internet Explorer, Mozilla Firefox and Google Chrome.
- Pandemiya also may grab data from these three popular Web browsers.
- Pandemiya may be programmed to perform automated tasks.
- Pandemiya may be capable of collecting files from the infected computer.
- Pandemiya is designed to prevent detection and analysis.
- Pandemiya uses encrypted communications to transmit and receive data from its Command and Control server.
Using plug-ins, third parties can enable Pandemiya to carry out a variety of other tasks. Pandemiya has been linked to an FTP credential-collecting plug-in and another plug-in that may allow Pandemiya to spread via Facebook. When installed, Pandemiya hooks certain functions in the affected security program. Using these hooks, Pandemiya may collect HTTP form data, access all Web traffic on the affected computer, and be operated manually to take screenshots or carry out other operations.
Dissemination Methods Used by Pandemiya
Pandemiya may be spread in a variety of ways, depending on the people making use of this threat. For example, Pandemiya may be spread using spam email messages with corrupted attachments or through infected websites hosting exploit kits. The most common way in which Pandemiya spreads is through exploit packs that generate a download page that infects the victim's computer as soon as it is accessed. Pandemiya creates a drive-by exploit page that infects the PC the minute the victim lands on the Web page. The Pandemiya Trojan is contained in an EXE file that runs the installer on the victim's computer. As soon as Pandemiya is installed, it creates a folder with a random name and makes unwanted changes to the system Registry and other computer settings. Pandemiya also drops a randomly named DLL file in the Windows system folder that enables Pandemiya to carry out its attacks. Pandemiya's installation can be hidden in a variety of ways, such as embedding it in an infected Office or PDF document.
URLs
Pandemiya may call the following URLs:
[http://][REMOVED]/P4ND3M1CB00BF4C3/12[REMOVED]
[http://][REMOVED]/aWnBrokeQxPeKunljEDkm/biLwVtsypK[REMOVED]
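As an added example (not part of the scorecard and not EnigmaSoft's code), the following Python detector flags proxy log entries whose URL paths contain the two path fragments that survive the redaction above, and counts how many such requests each internal client made; the squid-style log lines and the c2.example.invalid host are constructed for the demonstration.

```python
import re
from collections import Counter

# Path fragments visible in the two C2 URLs on the scorecard. The hosts were
# redacted, so only these path components are usable as indicators. Matching is
# case-sensitive on purpose: the fragments are exact, and a lookalike such as
# "/p4nd3m1c" is not evidence of this Trojan.
PANDEMIYA_PATH_MARKERS = (
    "/P4ND3M1CB00BF4C3/",
    "/aWnBrokeQxPeKunljEDkm/biLwVtsypK",
)

# squid native access.log: <ts> <elapsed> <client> <code/status> <bytes> <method> <url> ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample: two beacons from 10.0.0.12, one benign request, one lookalike path.
SAMPLE_LOG = """\
1448356800.101 245 10.0.0.12 TCP_MISS/200 1843 GET http://c2.example.invalid/P4ND3M1CB00BF4C3/12ab - DIRECT/198.51.100.7 text/plain
1448356805.332 87 10.0.0.12 TCP_MISS/200 512 POST http://c2.example.invalid/aWnBrokeQxPeKunljEDkm/biLwVtsypKzz - DIRECT/198.51.100.7 application/octet-stream
1448356810.004 120 10.0.0.31 TCP_HIT/200 9240 GET http://www.example.com/index.html - NONE/- text/html
1448356820.777 60 10.0.0.45 TCP_MISS/404 301 GET http://example.org/p4nd3m1c - DIRECT/203.0.113.9 text/html
"""


def find_pandemiya_beacons(log_lines):
    """Return one dict per log line whose URL contains a known Pandemiya path marker."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-squid lines rather than failing
        url = m.group("url")
        for marker in PANDEMIYA_PATH_MARKERS:
            if marker in url:
                hits.append({"ts": m.group("ts"), "client": m.group("client"),
                             "method": m.group("method"), "url": url, "marker": marker})
                break
    return hits


def beaconing_clients(log_lines):
    """Map each client address to the number of requests it made to a marker path."""
    return dict(Counter(hit["client"] for hit in find_pandemiya_beacons(log_lines)))


if __name__ == "__main__":
    for hit in find_pandemiya_beacons(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['client']} {hit['method']} {hit['url']}  <- {hit['marker']}")
    print(beaconing_clients(SAMPLE_LOG.splitlines()))
```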