
Nasty malware targets cryptocurrency wallets — your Ethereum is at risk


Threat analysts have discovered a new info-stealing malware that targets cryptocurrency wallets including Ethereum, along with other popular platforms such as NordVPN, Telegram, Discord and Steam.

Cybersecurity company Trend Micro spotted the malware, named Panda Stealer, in early April, and a spam wave has already affected countries including the United States, Australia, Japan, and Germany. Yikes.

As noted in the post (via BGR), the malware spreads via spam emails that mimic business quote requests containing an Excel file with the Panda Stealer loader hidden within. Once opened, the malware gets to work.

Panda Stealer targets an unsuspecting victim's cryptocurrency wallets, including private keys and information regarding past transactions. This information can be used to access different digital wallets, including Dash, Bytecoin, Litecoin, and Ethereum.

Unfortunately, threat analysts have also stated it can steal credentials from other privacy-heavy apps, including VPN services such as NordVPN and messaging apps such as Telegram and Discord.

What's more, it can also take screenshots of a victim's PC and exfiltrate data from browsers, such as cookies, passwords, and cards. During the investigation, Trend Micro found more than 14 users had already been affected by the malware.

With many cryptocurrencies seeing record-breaking spikes lately, including Dogecoin, SafeMoon, and Ethereum Classic, malicious actors take this as their chance to spot vulnerabilities and swipe valuable digital wallets from unsuspecting victims. A recent M1 MacBook malware was all about stealing a user's cryptocurrency information. 

While it's always a good idea to stay clear of suspicious emails, users are still open to attacks. Trend Micro has provided a list of files, domains, and IP addresses that were found during its investigation. For a further breakdown of Panda Stealer and what to look out for, check out the post.