Panda Stealer malware is gobbling up cryptocurrency like bamboo chutes
The latest piece of malware is called Panda Stealer, and it's after people's cryptocurrency and data.
What you need to know
- A piece of malware known as Panda Stealer is being used to steal cryptocurrency.
- Panda Stealer can spread through emails and malicious Discord links.
- It can be used to steal Dash, Bytecoin, Litecoin, and Ethereum.
A new piece of malware dubbed Panda Stealer is spreading its way across the web. Panda Stealer can be utilized to steal cryptocurrency, including Dash, Bytecoin, Litecoin, and Ethereum. First reported on by Trend Micro, the Panda Stealer malware spread around the web through spam emails.
Two infection chains have been identified. One chain contains an XLSM attachment that contains macros that downloads a loader, which executes the stealing process. The second chain utilizes an XLS file that has an Excel formula that uses a PowerShell command. This command uses a Pastebin alternative called paste.ee to get a second encrypted PowerShell command.
Panda Stealer appears as a business quote with a file attachment, according to Trend Micro. The piece of malware appears to be a fork of Collector Stealer.
After it manages to get installed on a computer, Panda Stealer can collect private keys and records of past transactions from currency wallets. In addition to going after cryptocurrency, the piece of malware can steal credentials from NordVPN, Telegram, Discord, Steam, and other apps.
Trend Micro has identified an IP address that it believes is used by the threat actor behind Panda Stealer. It believes that the IP address is assigned to a virtual private seerver that's rented from Shock Hosting. The threat actor is said to have infected Shock Hosting to test the piece of malware. Shock Hosting was informed of the threat actor by Trend Micro and has suspended the IP address in question.
To help keep your PC and data protected, you should check out our list of the best antivirus software.
All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.
He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.
Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.
