Panda Banker
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 18 |
First Seen: | April 22, 2016 |
Last Seen: | June 21, 2022 |
OS(es) Affected: | Windows |
The Panda Banker is a banking Trojan that seems to be related to the Zeus Trojan. The Panda Banker, a recently uncovered banking Trojan, is related to one of the most famous and destructive banking Trojans in history. Zeus is quite an old threat that has spawned countless imitators. The Panda Banker is used to target banks in the United Kingdom and Australia and, like its predecessor is designed to collect the victim's login information and online banking credentials. The Panda Banker integrates more advanced persistence, infection strategies and modules, which makes the Panda Banke a considerable threat to computer users.
Table of Contents
The Panda Banker may Collect and Share Information Collected from the Affected PC
The Panda Banker was first observed on March 10. The Panda Banker is spread using corrupted email attachments in the form of corrupted Microsoft Word files that are appended to phishing email messages. These Microsoft Office files may take advantage of two known vulnerabilities which have been around for several years, CVE-2014-1761 and CVE-2012-0158. They abuse support for macros in the Microsoft Office to execute corrupted code on the victim's computer. Corrupted emails associated with the Panda Banker also may use social engineering tactics to trick inexperienced computer users into downloading and executing the compromised file.
When the Panda Banker infects a computer, it gathers data about the infected computer and relays it to a remote server. An identifying marker is created for the infected computer to differentiate it from the countless other computers affected by the Panda Banker. The Panda Banker will relay information on the infected computer's name, installed security software, operating system information, its user's name, the time on the affected computer and a variety of other details. The Command and Control server responds with configuration settings contained in a '.json' file that contains additional Command and Control server domains and a list of websites that may be targeted by the Panda Banker infection.
How the Panda Banker Works
The websites contained in the Panda Banker's configuration files are banking portals for some of the most popular banks in Australia and the United Kingdom. Some banks targeted by the Panda Banker include Santander Bank, Bank of Scotland, Lloyds Bank, Halifax UK and TSB. When the victim connects to the banks' website, the Panda Banker activates and hijacks the victim's Web browser to collect the victim's online banking credentials. This is a tactic that was seen in the Zeus Trojan attacks and is highly effective in collecting the computer user's online accounts.
Observing the Panda Banker Attacks In the Wild
The Panda Banker is distributed in a variety of ways apart from the use of corrupted Word files. Three exploit kits have been associated with the Panda Banker attacks, which were downloaded from compromised websites and attack domains. These three exploit kits, Angler, Nuclear and Neutrino, may exploit vulnerabilities on the victim's computer to install the Panda Banker. This threat campaign uses geo-location to ensure that only computer users in Australia and the United Kingdom become infected with the Panda Banker.
Threats Derived from Zeus may be Very Destructive
Banking Trojans associated with Zeus have been responsible for billions of dollars in losses around the world. More importantly, the Panda Banker and other banking Trojans may work together with rootkits, ransomware, and other types of threats to carry out additional attacks on unsuspecting victims. Therefore, it is no surprise that these threats have continued to thrive. One must not forget that Zeus, despite being quite old by the time of the release of the Panda Banker, is a highly effective banking Trojan. Marrying many of its characteristics with more sophisticated methods for persisting in and infiltrating a victim's computer may make the Panda Banker and other attacks derived from Zeus quite formidable.
SpyHunter Detects & Remove Panda Banker
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | file.exe | c4b31419e90c4e83d265096304408d41 | 4 |
2. | C5DCCD9F2CBA8AD90.exe | 42d84d98b4db642836bd70abcd115750 | 1 |
3. | File.exe | 2c6e1212f45e15c18c89fbd028c7236e | 1 |
4. | file.exe | 95701662ca48338cb7ac24293d312bc4 | 1 |
5. | file.exe | e9dd9705409df3739183fb16583686dd | 0 |
6. | file.exe | e687ecc01fac6fa9453866a642f0c37c | 0 |
7. | file.exe | 59757ea0de44f52578256f65fcdd2762 | 0 |
8. | file.exe | 55a257be7c206c31e8f0988f00af67b4 | 0 |