Skip to main content

Panda Stealer malware is gobbling up cryptocurrency like bamboo chutes

NVIDIA GeForce RTX 3080 review
NVIDIA GeForce RTX 3080 review (Image credit: Harish Jonnalagadda / Windows Central)

What you need to know

  • A piece of malware known as Panda Stealer is being used to steal cryptocurrency.
  • Panda Stealer can spread through emails and malicious Discord links.
  • It can be used to steal Dash, Bytecoin, Litecoin, and Ethereum.

A new piece of malware dubbed Panda Stealer is spreading its way across the web. Panda Stealer can be utilized to steal cryptocurrency, including Dash, Bytecoin, Litecoin, and Ethereum. First reported on by Trend Micro (opens in new tab), the Panda Stealer malware spread around the web through spam emails.

Two infection chains have been identified. One chain contains an XLSM attachment that contains macros that downloads a loader, which executes the stealing process. The second chain utilizes an XLS file that has an Excel formula that uses a PowerShell command. This command uses a Pastebin alternative called paste.ee to get a second encrypted PowerShell command.

Panda Stealer appears as a business quote with a file attachment, according to Trend Micro. The piece of malware appears to be a fork of Collector Stealer.

After it manages to get installed on a computer, Panda Stealer can collect private keys and records of past transactions from currency wallets. In addition to going after cryptocurrency, the piece of malware can steal credentials from NordVPN, Telegram, Discord, Steam, and other apps.

Trend Micro has identified an IP address that it believes is used by the threat actor behind Panda Stealer. It believes that the IP address is assigned to a virtual private seerver that's rented from Shock Hosting. The threat actor is said to have infected Shock Hosting to test the piece of malware. Shock Hosting was informed of the threat actor by Trend Micro and has suspended the IP address in question.

To help keep your PC and data protected, you should check out our list of the best antivirus software.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com (opens in new tab).