A variant of the Zeus banking Trojan has arrived in Brazil just in time for the 2016 Olympic Games in Rio de Janeiro.
Experts at IBM X-Force Research say Zeus Panda is based on existing code and exhibits much of the same behaviour as other Zeus types but has some modifications, mostly related to its encryption and communication schemes.
Zeus Panda has targeted Europe and North America since early 2016, targeting online payments, prepaid cards, betting accounts and other financial transactions.
Botnets spread the malware to infected machines, making use of exploit kits like Angler and Neutrino. A popular attack method is a malicious Microsoft Word document, but Zeus Panda has also targeted specific company email addresses with personalised messages.
Its favoured fraud methodology is account takeover where credentials are stolen and used to initiate a transaction from another device. The victim is then held online by deceptive pop up windows that allow the attacker to complete the fraudulent attack in real time.
“Panda’s move to Brazil is a very interesting occurrence in the country,” said IBM executive security advisor Limor Kessem. “Brazil’s cybercrime landscape is dominated by relatively simplistic codes designed for specific fraud scenarios, such as Boleto fraud, remote access fraud and malware used for phishing.
“Zeus Panda may not be the first ever modular banking Trojan to operate in Brazil, but it is definitely a major step up from the malicious Delphi-based malcode that’s so typical in the country. This migration of a new and commercial Zeus variant into Brazil also underscores the growing collaboration between Brazil-based cybercriminals and cybercrime vendors from other countries and underground communities — a trend that has been picking up speed in Brazil since the beginning of this year.
“Judging by recent emerging campaigns observed by X-Force Research, Zeus Panda appears to be an active and evolving project that is being commercialized to cybercriminals through Dark Web forums. As such, we expect to see more variations of this malware and new botnets appearing in the coming months, likely targeting different countries beyond those appearing in current configurations.”
Rio 2016 is a target for cybercriminals, with recent research from Proofpoint suggesting there are 4,500 malicious apps on popular marketplaces attempting to capitalise on the Games, while 15 percent of social media accounts associated with the Olympics are fraudulent.
Excited for the Olympics? Try our sporting IT quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…