The 2016 Rio Olympics kicked off on Friday (Aug. 5), and hackers are already targeting Brazilian banks.
IBM X-Force Research said it spotted a relatively new Zeus Trojan variant that is known by the name “Panda” or “Panda Banker.” It started targeting European and North American banks earlier in 2016 and has now made its way to Brazil.
“Panda now targets 10 local bank brands and multiple payment platforms right as Brazil prepares to host a global sporting event,” IBM X-Force Research said. The researchers suspect that Zeus Panda is being hawked on underground Dark Web boards by the person who created it and sold to other hackers as cybercrime-as-a-service.
“Panda is clearly one hungry bear. The malware continues to spread to new geographies and is now targeting users in Brazil,” IBM X-Force Research said. “First appearing in Brazil in July 2016, the related Panda variant likely has links to a locally operated, professional cybercrime faction. The variants fetched a new Brazil-focused configuration, which was set up to steal credentials from users of 10 major bank brands in the country, as well as those of bitcoin exchange platforms, payment card services and online payments providers.”
While Brazilian banks are the big target, the Zeus Trojan variant is also being used to target users who get deliveries from a Brazilian supermarket chain, the websites of local law enforcement, local network security hardware vendors, Boleto payments and a loyalty program specific to Brazil-based commerce. Other targets include the logins of customers of a company that offers ATM management services and technology for banks.
IBM X-Force said it is hard to pinpoint who is behind the Trojan, but that the operators are evidently familiar with running banking Trojans of this level. Compared with other Zeus Panda botnets and banking Trojan configurations in general, the Brazilian one appears to be the work of a professional cybercrime group that has someone located in Brazil, it said.