Rio 2016: Zeus Panda Banking Trojan Arrives in Brazil

A variant of the Zeus banking Trojan has arrived in Brazil just in time for the 2016 Olympic Games in Rio de Janeiro.

Experts at IBM X-Force Research say Zeus Panda is based on existing code and exhibits much of the same behaviour as other Zeus types but has some modifications, mostly related to its encryption and communication schemes.

Zeus Panda has targeted Europe and North America since early 2016, targeting online payments, prepaid cards, betting accounts and other financial transactions.

Rio 2016 Zeus Panda

It arrived in Brazil in July, targeting local banks, law enforcement agencies and even supermarket chain delivery services. Researchers suspect a cybercrime group at least partly located in the south American country is responsible.

Botnets spread the malware to infected machines, making use of exploit kits like Angler and Neutrino. A popular attack method is a malicious Microsoft Word document, but Zeus Panda has also targeted specific company email addresses with personalised messages.

Its favoured fraud methodology is account takeover where credentials are stolen and used to initiate a transaction from another device. The victim is then held online by deceptive pop up windows that allow the attacker to complete the fraudulent attack in real time.

Targeting Brazil

“Panda’s move to Brazil is a very interesting occurrence in the country,” said IBM executive security advisor Limor Kessem. “Brazil’s cybercrime landscape is dominated by relatively simplistic codes designed for specific fraud scenarios, such as Boleto fraud, remote access fraud and malware used for phishing.

“Zeus Panda may not be the first ever modular banking Trojan to operate in Brazil, but it is definitely a major step up from the malicious Delphi-based malcode that’s so typical in the country. This migration of a new and commercial Zeus variant into Brazil also underscores the growing collaboration between Brazil-based cybercriminals and cybercrime vendors from other countries and underground communities — a trend that has been picking up speed in Brazil since the beginning of this year.

“Judging by recent emerging campaigns observed by X-Force Research, Zeus Panda appears to be an active and evolving project that is being commercialized to cybercriminals through Dark Web forums. As such, we expect to see more variations of this malware and new botnets appearing in the coming months, likely targeting different countries beyond those appearing in current configurations.”

Rio 2016 is a target for cybercriminals, with recent research from Proofpoint suggesting there are 4,500 malicious apps on popular marketplaces attempting to capitalise on the Games, while 15 percent of social media accounts associated with the Olympics are fraudulent.

Excited for the Olympics? Try our sporting IT quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Google Confronts Break-Up Threat From US DoJ

US Department of Justice mulls asking judge to force Google to sell parts of its…

2 hours ago

US Supreme Court Rejects X’s Trump Appeal

US Supreme Court declines to hear appeal from X, formerly Twitter, over nondisclosure order attached…

1 day ago

US Judge Orders Google To Allow Android App Store Competition

US federal judge orders Google to undertake wide range of measures allowing third-party app stores…

1 day ago

Ukraine Hackers Disrupt Russian Broadcaster On Putin’s Birthday

Ukrainian hackers disrupt online services of Russian state broadcaster VGTRK on Vladimir Putin's birthday, amidst…

1 day ago

Amazon Antitrust Case Gets Go-Ahead In US Court

US federal judge says FTC and 18 states may proceed with landmark Amazon antitrust case,…

1 day ago