
'Panda' Cryptojacking

Cybercriminals love working with cryptocurrency, especially when they get their hands on it in illicit ways. It is a widely known fact that practically all ransomware authors use some cryptocurrency to collect ransom payments – their usual choice is Bitcoin, but there have been cases in which victims were offered the option to pay via Ethereum, Monero or Litecoin. Another shady thing that cybercriminals do to fill their cryptocurrency wallets is to plant silent cryptocurrency miners on computers they have illicit access to – this way they can harvest the computer's processing power to mine a cryptocurrency like Monero. This is the exact scheme used by Panda, a group of cybercriminals whose name is linked to large crypto-jacking campaigns such as MassMiner. The Panda group uses a wide range of tools to gain access to the compromised host, and they continuously modify their infection vectors, infrastructure and exploit toolkit to maximize the efficiency of their operations.

Company Networks may be Panda's Preferred Targets

According to cybersecurity experts, the 'Panda' Cryptojacking group's crypto-jacking campaigns have netted the criminals over $100,000 in pure profit. In some of their most recent attacks, they have been observed using Remote Access Trojans (RATs) to gain illicit access to the computers of their victims, and then configure and deploy a Trojan miner manually.

Regular users are certainly not the primary target of the hackers, since they appear to use a wide range of exploits to allow their malware to spread laterally through a company network. This likely means that the primary targets of the Panda group are companies and businesses, where they can plant their miner on hundreds of PCs simultaneously.

The Panda Cryptojacking Group Uses a Wide Range of Tools and Exploits

Panda's campaigns are certainly more sophisticated than most crypto-jacking campaigns, since the crooks use a variety of tools to gain as much information from the victim as possible – RATs, cryptocurrency miners, credential-harvesting tools like Mimikatz, and ready-to-use exploits that were collected from the NSA and released to the public.

The operations of the 'Panda' Cryptojacking group have been observed closely for over a year and a half, and their activity appears to be picking up instead of dying down. To reduce the chances that your computer or network's hardware resources will be harvested in a crypto-jacking campaign, you should make sure to install the latest security patches, as well as make use of the protection services offered by reputable anti-virus products.
