Rio 2016: Zeus Panda Banking Trojan Arrives in Brazil

A variant of the Zeus banking Trojan has arrived in Brazil just in time for the 2016 Olympic Games in Rio de Janeiro.

Experts at IBM X-Force Research say Zeus Panda is based on existing code and exhibits much of the same behaviour as other Zeus types but has some modifications, mostly related to its encryption and communication schemes.

Zeus Panda has targeted Europe and North America since early 2016, targeting online payments, prepaid cards, betting accounts and other financial transactions.

Rio 2016 Zeus Panda

It arrived in Brazil in July, targeting local banks, law enforcement agencies and even supermarket chain delivery services. Researchers suspect a cybercrime group at least partly located in the south American country is responsible.

Botnets spread the malware to infected machines, making use of exploit kits like Angler and Neutrino. A popular attack method is a malicious Microsoft Word document, but Zeus Panda has also targeted specific company email addresses with personalised messages.

Its favoured fraud methodology is account takeover where credentials are stolen and used to initiate a transaction from another device. The victim is then held online by deceptive pop up windows that allow the attacker to complete the fraudulent attack in real time.

Targeting Brazil

“Panda’s move to Brazil is a very interesting occurrence in the country,” said IBM executive security advisor Limor Kessem. “Brazil’s cybercrime landscape is dominated by relatively simplistic codes designed for specific fraud scenarios, such as Boleto fraud, remote access fraud and malware used for phishing.

“Zeus Panda may not be the first ever modular banking Trojan to operate in Brazil, but it is definitely a major step up from the malicious Delphi-based malcode that’s so typical in the country. This migration of a new and commercial Zeus variant into Brazil also underscores the growing collaboration between Brazil-based cybercriminals and cybercrime vendors from other countries and underground communities — a trend that has been picking up speed in Brazil since the beginning of this year.

“Judging by recent emerging campaigns observed by X-Force Research, Zeus Panda appears to be an active and evolving project that is being commercialized to cybercriminals through Dark Web forums. As such, we expect to see more variations of this malware and new botnets appearing in the coming months, likely targeting different countries beyond those appearing in current configurations.”

Rio 2016 is a target for cybercriminals, with recent research from Proofpoint suggesting there are 4,500 malicious apps on popular marketplaces attempting to capitalise on the Games, while 15 percent of social media accounts associated with the Olympics are fraudulent.

Excited for the Olympics? Try our sporting IT quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

14 hours ago